Pests of all kinds and how to fight them: Informed by 1&1 about the Torpig trojan
Windows 7
10.11.2012, 21:56 | #1 |
Informed by 1&1 about the Torpig trojan

Hello and good evening, dear board community,

two days ago I got a notice in my mail from 1&1 that the Torpig trojan had been detected on my end. We have 3 computers running here:

1 PC Win7
1 PC WinXP
1 laptop Win 7

although the laptop is not always here, since it belongs to my older daughter. The XP PC is going to be scrapped soon anyway. For now we can test the Win7 PC first...

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.10.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
********** :: HÖLLENMASCHINE [Administrator]

10.11.2012 20:16:02
mbam-log-2012-11-10 (20-16-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 445560
Laufzeit: 1 Stunde(n), 14 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Thanks in advance!
10.11.2012, 21:58 | #2 |
/// Malware-holic | Informed by 1&1 about the Torpig trojan
hi,
If you don't already have it, please download OTL by OldTimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
10.11.2012, 22:18 | #3 |
Informed by 1&1 about the Torpig trojan
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 10.11.2012 22:04:09 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 51,41% Memory free 8,00 Gb Paging File | 5,84 Gb Available in Paging File | 72,98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 107,77 Gb Total Space | 19,33 Gb Free Space | 17,93% Space Free | Partition Type: NTFS Drive D: | 178,99 Gb Total Space | 151,85 Gb Free Space | 84,83% Space Free | Partition Type: NTFS Drive E: | 179,00 Gb Total Space | 61,36 Gb Free Space | 34,28% Space Free | Partition Type: NTFS Computer Name: HÖLLENMASCHINE | User Name: Rene Geißler | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Rene Geißler\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.) PRC - C:\PROGRA~3\Java\jre6\bin\jp2launcher.exe (Sun Microsystems, Inc.) PRC - C:\Program Files (x86)\Java\jre6\bin\java.exe (Sun Microsystems, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Program Files (x86)\EXPERTool\TBPANEL.exe (Gainward Co.) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () MOD - C:\Program Files (x86)\Java\jre6\bin\jp2native.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll () MOD - C:\Program Files (x86)\EXPERTool\TBManage.dll () ========== Services (SafeList) ========== SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4161975604-971923823-3228321193-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. 
bei MSN IE - HKU\S-1-5-21-4161975604-971923823-3228321193-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-4161975604-971923823-3228321193-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EB AA 85 60 F8 E4 CC 01 [binary data] IE - HKU\S-1-5-21-4161975604-971923823-3228321193-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-4161975604-971923823-3228321193-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4161975604-971923823-3228321193-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.msn.de" FF - prefs.js..extensions.enabledAddons: DivXWebPlayer@divx.com:2.0.2.039 FF - prefs.js..extensions.enabledAddons: fb_add_on@avm.de:1.6.3 FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.15 13:45:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 20:39:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.27 20:39:12 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 20:39:14 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.27 20:39:12 | 000,000,000 | ---D | M] [2012.02.06 19:35:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rene Geißler\AppData\Roaming\mozilla\Extensions [2012.02.06 19:42:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rene Geißler\AppData\Roaming\mozilla\Firefox\Profiles\bezpg9pz.default\extensions [2012.02.06 19:42:03 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Rene Geißler\AppData\Roaming\mozilla\Firefox\Profiles\bezpg9pz.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.11.10 15:23:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rene Geißler\AppData\Roaming\mozilla\Firefox\Profiles\l5pvbbfk.default\extensions [2012.11.10 15:23:36 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Rene Geißler\AppData\Roaming\mozilla\Firefox\Profiles\l5pvbbfk.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.05.14 23:44:16 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\Rene Geißler\AppData\Roaming\mozilla\Firefox\Profiles\l5pvbbfk.default\extensions\fb_add_on@avm.de [2012.02.15 13:48:36 | 000,550,833 | ---- | M] () (No name found) -- 
C:\Users\Rene Geißler\AppData\Roaming\mozilla\firefox\profiles\l5pvbbfk.default\extensions\DivXWebPlayer@divx.com.xpi [2012.10.27 20:39:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.27 20:39:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.10.27 20:39:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.02.15 13:45:09 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 File not found (No name found) -- C:\USERS\RENE GEIßLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L5PVBBFK.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7} File not found (No name found) -- C:\USERS\RENE GEIßLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L5PVBBFK.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI File not found (No name found) -- C:\USERS\RENE GEIßLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L5PVBBFK.DEFAULT\EXTENSIONS\FB_ADD_ON@AVM.DE [2012.10.27 20:39:14 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.01.29 15:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.10 19:38:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.01.29 15:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.01.29 15:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.29 15:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.29 15:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla 
firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4161975604-971923823-3228321193-1000..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.) O4 - HKU\S-1-5-21-4161975604-971923823-3228321193-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-4161975604-971923823-3228321193-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: 
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15816330-1F70-45F2-B974-FC29E785CA50}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB84F225-514E-4020-9314-B5F9C8D7076D}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.07.12 02:40:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.10 14:19:03 | 062,968,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe [2012.11.10 13:47:51 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{944B229A-BC99-40A3-A410-7BB58F343607} [2012.11.09 17:41:55 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{D31871F8-EE4C-43C2-893D-C63B2BF76180} [2012.11.08 20:35:14 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{56F4D72F-EBE3-45F0-BECF-F1BD4BFA9E4D} [2012.11.08 20:02:42 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{94203470-7812-4177-81C4-6912BE462EF4} [2012.11.07 19:02:05 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{566BB90F-85B2-4ED3-B5BA-BF416950420E} [2012.11.06 21:39:12 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{02E4EE4B-67FB-4CF9-8325-5116EC0A16CE} [2012.11.05 21:55:11 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{DB35F6E8-4EDB-4186-ADA2-9AFC511484A7} [2012.11.04 19:45:21 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{7848A40D-4E02-4FAB-B915-92DE55243481} [2012.11.04 02:12:15 | 000,000,000 | ---D | C] -- C:\Users\Rene 
Geißler\AppData\Local\{2C6C12D2-DD00-4567-A325-DE16777D94E5} [2012.11.03 12:41:39 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{73598413-21CB-49EC-84A7-76118904DAC2} [2012.11.02 18:28:10 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{95A40EBC-0C35-458C-B777-4B788C9B27D9} [2012.11.01 21:23:40 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{E643F516-76F5-4943-BAF6-86BAFBF56727} [2012.10.31 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{AEDF8D4F-CFDF-4097-88DB-1F5CD649327B} [2012.10.31 00:55:21 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{244BCA57-4CC8-4A57-BEF6-5A13DC90ABDD} [2012.10.30 09:30:57 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{20DE2AB3-F0EB-413E-99B8-B1C9E1DD3528} [2012.10.29 13:58:25 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{F344C6B0-1969-4658-B40E-AC4D5BD6A174} [2012.10.29 13:53:23 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{CE77726F-5914-4F7A-9FDA-B1700AF568A3} [2012.10.29 12:48:02 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\Microsoft Games [2012.10.29 00:56:27 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{D99E0A74-7839-47B5-8D41-3C6517C96BD0} [2012.10.28 21:51:01 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\MigWiz [2012.10.27 23:31:27 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{8670059C-9AB9-4C33-8879-03DBA0D36582} [2012.10.27 20:39:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.27 08:45:05 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{EE435E1B-3AF6-4F9E-83D7-BB1D4F33BB79} [2012.10.27 08:30:12 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{BCF09DEE-7C09-41E0-B9FD-994C801168AE} [2012.10.26 18:17:12 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{443D0A17-6283-479E-A67F-CB7C49562B1B} [2012.10.25 17:46:26 | 
000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{25DFE465-8BC4-4640-822A-108CC5EB25C2} [2012.10.24 17:09:58 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{3FFA7E0A-4B3C-4315-99F2-C0E4BC31D60E} [2012.10.23 16:37:28 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{9B1606DD-7D82-44E1-B4EB-0C681D9F01AE} [2012.10.22 17:08:13 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{1C762F4F-57EB-4F2F-BF13-3F56EC52A56B} [2012.10.21 17:28:04 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{117E8BF5-6916-46A5-A8F1-4DA5E2D3FB6C} [2012.10.21 12:09:11 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{6ED0BFD9-6C1D-45B6-BB83-3DAD4559AA15} [2012.10.20 21:50:03 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{7B5EF6CC-9492-4261-8760-6DEB15B4FE4C} [2012.10.20 08:37:29 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{2DA953C1-9379-47F7-A9B8-15CF563A6ABF} [2012.10.20 00:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2012.10.19 21:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack [2012.10.19 21:37:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack [2012.10.19 18:47:19 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{3C324225-5FDC-4EED-B0AF-79289CFC38A1} [2012.10.18 16:34:15 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{8BA0B0E6-CF9E-43AA-AD8A-C823E1BD438C} [2012.10.17 17:53:46 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{1E30BB42-EE8A-4F23-BFD0-7708CE395461} [2012.10.16 19:52:33 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{C91B4922-5B45-4A87-9179-DFF48A1AF0EF} [2012.10.15 18:00:54 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{52019DA0-6FA2-4214-9D83-90E440EB2780} [2012.10.14 22:25:05 | 000,000,000 | ---D | C] -- C:\Users\Rene 
Geißler\AppData\Local\{98D3C79C-2F16-435A-BC76-6F9DC30E5422} [2012.10.14 12:00:10 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\.dvdcss [2012.10.14 11:59:16 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Roaming\tiger-k [2012.10.14 11:59:16 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\Documents\Leawo [2012.10.14 11:59:16 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Roaming\Leawo [2012.10.14 11:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Leawo [2012.10.14 11:58:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo [2012.10.14 11:58:20 | 000,066,944 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysWow64\thdudf.sys [2012.10.14 11:58:20 | 000,066,944 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysWow64\drivers\thdudf.sys [2012.10.14 11:58:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Leawo [2012.10.14 08:28:33 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{97EECF07-73CC-454D-ABAA-4368737DD7F2} [2012.10.13 21:16:39 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Roaming\Abelssoft [2012.10.13 21:16:36 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\Abelssoft [2012.10.13 21:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateYeti [2012.10.13 21:16:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UpdateYeti [2012.10.13 19:19:55 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\Desktop\Trek Stor [2012.10.13 11:36:07 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{0A2DCC9C-3251-4E73-9CCB-B5E015394212} [2012.10.12 18:16:22 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{D273C468-11C0-4FB3-A0F0-A4AADE20F3E2} [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.10 21:29:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.10 16:36:56 | 
001,526,114 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.10 16:36:56 | 000,668,524 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.10 16:36:56 | 000,620,116 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.10 16:36:56 | 000,134,372 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.10 16:36:56 | 000,110,304 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.10 13:53:20 | 000,015,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.10 13:53:20 | 000,015,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.10 13:45:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.10 13:45:50 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.04 22:45:06 | 000,000,827 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.28 21:17:23 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.26 14:25:50 | 000,014,743 | ---- | M] () -- C:\Users\Rene Geißler\Documents\Linda (Geschichte für die Schule).odt
[2012.10.20 00:46:47 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2012.10.19 21:44:39 | 000,001,334 | ---- | M] () -- C:\Users\Public\Desktop\Leawo Video Converter 2012.lnk
[2012.10.14 11:58:22 | 000,001,562 | ---- | M] () -- C:\Users\Public\Desktop\Leawo Blu-Ray in iPhone und iPad Converter GW.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012.10.26 14:25:48 | 000,014,743 | ---- | C] () -- C:\Users\Rene Geißler\Documents\Linda (Geschichte für die Schule).odt
[2012.10.20 00:46:47 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2012.10.19 21:44:39 | 000,001,334 | ---- | C] () -- C:\Users\Public\Desktop\Leawo Video Converter 2012.lnk
[2012.10.19 21:38:00 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.10.14 11:58:22 | 000,001,562 | ---- | C] () -- C:\Users\Public\Desktop\Leawo Blu-Ray in iPhone und iPad Converter GW.lnk
[2012.10.14 11:58:20 | 000,003,945 | ---- | C] () -- C:\Windows\SysWow64\thdudf.inf
[2012.02.11 12:58:30 | 000,098,344 | ---- | C] () -- C:\Windows\unPMV.exe
[2012.02.07 22:44:56 | 000,098,344 | ---- | C] () -- C:\Windows\unTMV.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.06.02 08:17:24 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini
[2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========
[2012.10.13 21:16:39 | 000,000,000 | ---D | M] -- C:\Users\Rene Geißler\AppData\Roaming\Abelssoft
[2012.02.17 16:01:22 | 000,000,000 | ---D | M] -- C:\Users\Rene Geißler\AppData\Roaming\Canneverbe Limited
[2012.10.19 21:39:40 | 000,000,000 | ---D | M] -- C:\Users\Rene Geißler\AppData\Roaming\Leawo
[2012.02.13 23:15:10 | 000,000,000 | ---D | M] -- C:\Users\Rene Geißler\AppData\Roaming\Need for Speed World
[2012.02.27 21:49:52 | 000,000,000 | ---D | M] -- C:\Users\Rene Geißler\AppData\Roaming\OpenOffice.org
[2012.02.07 22:45:47 | 000,000,000 | ---D | M] -- C:\Users\Rene Geißler\AppData\Roaming\SoftMaker
[2012.10.14 11:59:39 | 000,000,000 | ---D | M] -- C:\Users\Rene Geißler\AppData\Roaming\tiger-k
[2012.04.22 20:56:53 | 000,000,000 | ---D | M] -- C:\Users\Rene Geißler\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

< End of report >

OTL Logfile: Code:
OTL logfile created on: 10.11.2012 22:18:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rene Geißler\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 50,43% Memory free 8,00 Gb Paging File | 5,82 Gb Available in Paging File | 72,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 107,77 Gb Total Space | 19,33 Gb Free Space | 17,93% Space Free | Partition Type: NTFS Drive D: | 178,99 Gb Total Space | 151,85 Gb Free Space | 84,83% Space Free | Partition Type: NTFS Drive E: | 179,00 Gb Total Space | 61,36 Gb Free Space | 34,28% Space Free | Partition Type: NTFS Computer Name: HÖLLENMASCHINE | User Name: Rene Geißler | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Rene Geißler\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.) PRC - C:\PROGRA~3\Java\jre6\bin\jp2launcher.exe (Sun Microsystems, Inc.) PRC - C:\Program Files (x86)\Java\jre6\bin\java.exe (Sun Microsystems, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Program Files (x86)\EXPERTool\TBPANEL.exe (Gainward Co.) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () MOD - C:\Program Files (x86)\Java\jre6\bin\jp2native.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll () MOD - C:\Program Files (x86)\EXPERTool\TBManage.dll () ========== Services (SafeList) ========== SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4161975604-971923823-3228321193-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. 
bei MSN IE - HKU\S-1-5-21-4161975604-971923823-3228321193-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-4161975604-971923823-3228321193-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EB AA 85 60 F8 E4 CC 01 [binary data] IE - HKU\S-1-5-21-4161975604-971923823-3228321193-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-4161975604-971923823-3228321193-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4161975604-971923823-3228321193-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.msn.de" FF - prefs.js..extensions.enabledAddons: DivXWebPlayer@divx.com:2.0.2.039 FF - prefs.js..extensions.enabledAddons: fb_add_on@avm.de:1.6.3 FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.15 13:45:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 20:39:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.27 20:39:12 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 20:39:14 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.27 20:39:12 | 000,000,000 | ---D | M] [2012.02.06 19:35:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rene Geißler\AppData\Roaming\mozilla\Extensions [2012.02.06 19:42:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rene Geißler\AppData\Roaming\mozilla\Firefox\Profiles\bezpg9pz.default\extensions [2012.02.06 19:42:03 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Rene Geißler\AppData\Roaming\mozilla\Firefox\Profiles\bezpg9pz.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.11.10 15:23:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rene Geißler\AppData\Roaming\mozilla\Firefox\Profiles\l5pvbbfk.default\extensions [2012.11.10 15:23:36 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Rene Geißler\AppData\Roaming\mozilla\Firefox\Profiles\l5pvbbfk.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.05.14 23:44:16 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\Rene Geißler\AppData\Roaming\mozilla\Firefox\Profiles\l5pvbbfk.default\extensions\fb_add_on@avm.de [2012.02.15 13:48:36 | 000,550,833 | ---- | M] () (No name found) -- 
C:\Users\Rene Geißler\AppData\Roaming\mozilla\firefox\profiles\l5pvbbfk.default\extensions\DivXWebPlayer@divx.com.xpi [2012.10.27 20:39:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.27 20:39:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.10.27 20:39:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.02.15 13:45:09 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 File not found (No name found) -- C:\USERS\RENE GEIßLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L5PVBBFK.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7} File not found (No name found) -- C:\USERS\RENE GEIßLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L5PVBBFK.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI File not found (No name found) -- C:\USERS\RENE GEIßLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L5PVBBFK.DEFAULT\EXTENSIONS\FB_ADD_ON@AVM.DE [2012.10.27 20:39:14 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.01.29 15:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.10 19:38:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.01.29 15:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.01.29 15:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.29 15:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.29 15:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla 
firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4161975604-971923823-3228321193-1000..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.) O4 - HKU\S-1-5-21-4161975604-971923823-3228321193-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-4161975604-971923823-3228321193-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: 
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15816330-1F70-45F2-B974-FC29E785CA50}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB84F225-514E-4020-9314-B5F9C8D7076D}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.07.12 02:40:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.10 13:47:51 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{944B229A-BC99-40A3-A410-7BB58F343607} [2012.11.09 17:41:55 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{D31871F8-EE4C-43C2-893D-C63B2BF76180} [2012.11.08 20:35:14 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{56F4D72F-EBE3-45F0-BECF-F1BD4BFA9E4D} [2012.11.08 20:02:42 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{94203470-7812-4177-81C4-6912BE462EF4} [2012.11.07 19:02:05 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{566BB90F-85B2-4ED3-B5BA-BF416950420E} [2012.11.06 21:39:12 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{02E4EE4B-67FB-4CF9-8325-5116EC0A16CE} [2012.11.05 21:55:11 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{DB35F6E8-4EDB-4186-ADA2-9AFC511484A7} [2012.11.04 19:45:21 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{7848A40D-4E02-4FAB-B915-92DE55243481} [2012.11.04 02:12:15 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{2C6C12D2-DD00-4567-A325-DE16777D94E5} [2012.11.03 12:41:39 | 000,000,000 | ---D | C] -- C:\Users\Rene 
Geißler\AppData\Local\{73598413-21CB-49EC-84A7-76118904DAC2} [2012.11.02 18:28:10 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{95A40EBC-0C35-458C-B777-4B788C9B27D9} [2012.11.01 21:23:40 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{E643F516-76F5-4943-BAF6-86BAFBF56727} [2012.10.31 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{AEDF8D4F-CFDF-4097-88DB-1F5CD649327B} [2012.10.31 00:55:21 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{244BCA57-4CC8-4A57-BEF6-5A13DC90ABDD} [2012.10.30 09:30:57 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{20DE2AB3-F0EB-413E-99B8-B1C9E1DD3528} [2012.10.29 13:58:25 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{F344C6B0-1969-4658-B40E-AC4D5BD6A174} [2012.10.29 13:53:23 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{CE77726F-5914-4F7A-9FDA-B1700AF568A3} [2012.10.29 12:48:02 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\Microsoft Games [2012.10.29 00:56:27 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{D99E0A74-7839-47B5-8D41-3C6517C96BD0} [2012.10.28 21:51:01 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\MigWiz [2012.10.27 23:31:27 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{8670059C-9AB9-4C33-8879-03DBA0D36582} [2012.10.27 20:39:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.27 08:45:05 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{EE435E1B-3AF6-4F9E-83D7-BB1D4F33BB79} [2012.10.27 08:30:12 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{BCF09DEE-7C09-41E0-B9FD-994C801168AE} [2012.10.26 18:17:12 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{443D0A17-6283-479E-A67F-CB7C49562B1B} [2012.10.25 17:46:26 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{25DFE465-8BC4-4640-822A-108CC5EB25C2} [2012.10.24 17:09:58 | 
000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{3FFA7E0A-4B3C-4315-99F2-C0E4BC31D60E} [2012.10.23 16:37:28 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{9B1606DD-7D82-44E1-B4EB-0C681D9F01AE} [2012.10.22 17:08:13 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{1C762F4F-57EB-4F2F-BF13-3F56EC52A56B} [2012.10.21 17:28:04 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{117E8BF5-6916-46A5-A8F1-4DA5E2D3FB6C} [2012.10.21 12:09:11 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{6ED0BFD9-6C1D-45B6-BB83-3DAD4559AA15} [2012.10.20 21:50:03 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{7B5EF6CC-9492-4261-8760-6DEB15B4FE4C} [2012.10.20 08:37:29 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{2DA953C1-9379-47F7-A9B8-15CF563A6ABF} [2012.10.20 00:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2012.10.19 21:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack [2012.10.19 21:37:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack [2012.10.19 18:47:19 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{3C324225-5FDC-4EED-B0AF-79289CFC38A1} [2012.10.18 16:34:15 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{8BA0B0E6-CF9E-43AA-AD8A-C823E1BD438C} [2012.10.17 17:53:46 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{1E30BB42-EE8A-4F23-BFD0-7708CE395461} [2012.10.16 19:52:33 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{C91B4922-5B45-4A87-9179-DFF48A1AF0EF} [2012.10.15 18:00:54 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{52019DA0-6FA2-4214-9D83-90E440EB2780} [2012.10.14 22:25:05 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{98D3C79C-2F16-435A-BC76-6F9DC30E5422} [2012.10.14 12:00:10 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\.dvdcss [2012.10.14 11:59:16 | 
000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Roaming\tiger-k [2012.10.14 11:59:16 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\Documents\Leawo [2012.10.14 11:59:16 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Roaming\Leawo [2012.10.14 11:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Leawo [2012.10.14 11:58:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo [2012.10.14 11:58:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Leawo [2012.10.14 08:28:33 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{97EECF07-73CC-454D-ABAA-4368737DD7F2} [2012.10.13 21:16:39 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Roaming\Abelssoft [2012.10.13 21:16:36 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\Abelssoft [2012.10.13 21:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateYeti [2012.10.13 21:16:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UpdateYeti [2012.10.13 19:19:55 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\Desktop\Trek Stor [2012.10.13 11:36:07 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{0A2DCC9C-3251-4E73-9CCB-B5E015394212} [2012.10.12 18:16:22 | 000,000,000 | ---D | C] -- C:\Users\Rene Geißler\AppData\Local\{D273C468-11C0-4FB3-A0F0-A4AADE20F3E2} [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.10 21:29:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.10 16:36:56 | 001,526,114 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.10 16:36:56 | 000,668,524 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.10 16:36:56 | 000,620,116 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.10 16:36:56 | 000,134,372 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.10 16:36:56 | 000,110,304 | ---- | M] 
() -- C:\Windows\SysNative\perfc009.dat [2012.11.10 13:53:20 | 000,015,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.10 13:53:20 | 000,015,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.10 13:45:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.10 13:45:50 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys [2012.11.04 22:45:06 | 000,000,827 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.10.28 21:17:23 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.26 14:25:50 | 000,014,743 | ---- | M] () -- C:\Users\Rene Geißler\Documents\Linda (Geschichte für die Schule).odt [2012.10.20 00:46:47 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf [2012.10.19 21:44:39 | 000,001,334 | ---- | M] () -- C:\Users\Public\Desktop\Leawo Video Converter 2012.lnk [2012.10.14 11:58:22 | 000,001,562 | ---- | M] () -- C:\Users\Public\Desktop\Leawo Blu-Ray in iPhone und iPad Converter GW.lnk [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.26 14:25:48 | 000,014,743 | ---- | C] () -- C:\Users\Rene Geißler\Documents\Linda (Geschichte für die Schule).odt [2012.10.20 00:46:47 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf [2012.10.19 21:44:39 | 000,001,334 | ---- | C] () -- C:\Users\Public\Desktop\Leawo Video Converter 2012.lnk [2012.10.19 21:38:00 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.10.14 11:58:22 | 000,001,562 | ---- | C] () -- C:\Users\Public\Desktop\Leawo Blu-Ray in iPhone und iPad Converter GW.lnk [2012.10.14 11:58:20 | 000,003,945 | ---- | C] () -- C:\Windows\SysWow64\thdudf.inf [2012.02.11 12:58:30 | 000,098,344 | ---- | C] () -- C:\Windows\unPMV.exe 
[2012.02.07 22:44:56 | 000,098,344 | ---- | C] () -- C:\Windows\unTMV.exe [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.06.02 08:17:24 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini [2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = 
C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.10.13 21:16:39 | 000,000,000 | ---D | M] -- C:\Users\Rene Geißler\AppData\Roaming\Abelssoft [2012.02.17 16:01:22 | 000,000,000 | ---D | M] -- C:\Users\Rene Geißler\AppData\Roaming\Canneverbe Limited [2012.10.19 21:39:40 | 000,000,000 | ---D | M] -- C:\Users\Rene Geißler\AppData\Roaming\Leawo [2012.02.13 23:15:10 | 000,000,000 | ---D | M] -- C:\Users\Rene Geißler\AppData\Roaming\Need for Speed World [2012.02.27 21:49:52 | 000,000,000 | ---D | M] -- C:\Users\Rene Geißler\AppData\Roaming\OpenOffice.org [2012.02.07 22:45:47 | 000,000,000 | ---D | M] -- C:\Users\Rene Geißler\AppData\Roaming\SoftMaker [2012.10.14 11:59:39 | 000,000,000 | ---D | M] -- C:\Users\Rene Geißler\AppData\Roaming\tiger-k [2012.04.22 20:56:53 | 000,000,000 | ---D | M] -- C:\Users\Rene Geißler\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > |
10.11.2012, 22:32 | #4 |
| Informed by 1&1 about the Torpig trojan OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 10.11.2012 22:18:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rene Geißler\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 50,43% Memory free 8,00 Gb Paging File | 5,82 Gb Available in Paging File | 72,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 107,77 Gb Total Space | 19,33 Gb Free Space | 17,93% Space Free | Partition Type: NTFS Drive D: | 178,99 Gb Total Space | 151,85 Gb Free Space | 84,83% Space Free | Partition Type: NTFS Drive E: | 179,00 Gb Total Space | 61,36 Gb Free Space | 34,28% Space Free | Partition Type: NTFS Computer Name: HÖLLENMASCHINE | User Name: Rene Geißler | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- Reg Error: Key error. File not found .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- Reg Error: Key error. 
File not found [HKEY_USERS\S-1-5-21-4161975604-971923823-3228321193-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List 
========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0267F1CB-68AC-461C-81D9-DC1536AF18AA}" = rport=138 | protocol=17 | dir=out | app=system | "{02D7AEDF-30FF-4D1C-9EEE-1F9A655EF2EF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{04E52ED5-5117-4C91-A85A-921591E99A06}" = lport=2869 | protocol=6 | dir=in | app=system | "{05088259-213B-4393-9098-4662BF01F4E8}" = lport=139 | protocol=6 | dir=in | app=system | "{06407466-1B82-4689-AD27-EB8D929E779A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{065940B4-A6C2-456A-AA86-8565B14B44D3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0FB2BCD5-AE76-451D-8D00-2714B6FA07A0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{151A6072-637C-44F2-BCDC-95362A223043}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{245975FD-D708-4480-A98C-C57231B8704B}" = rport=10243 | protocol=6 | dir=out | app=system | "{3AF7C568-AF0E-4DAB-B91F-C6CFF052F2A7}" = lport=138 | protocol=17 | dir=in | app=system | "{43C7EB41-B80C-41F7-B1FA-F05ECA0788C8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5117E83B-D2EA-4635-9E7A-4E87CD02489A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{5201059D-E9AA-4BE1-A82D-0BD348CED39A}" = lport=445 | protocol=6 | dir=in | app=system | "{5BC9664B-1613-41CF-A990-2F6797E5047D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{7729166F-2683-4F95-9A8F-3510C5AF3738}" = rport=445 | protocol=6 | dir=out | app=system | "{880D3868-2937-472F-A8F1-62A0255D91E1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{99D29C1C-FD83-4425-B998-45FFEBE93E25}" = lport=1900 | 
protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{A16810F9-EDE3-4338-A0F1-4CE0454DC3B3}" = rport=137 | protocol=17 | dir=out | app=system | "{AC8D8AA8-B336-4792-B999-82EA8314844A}" = rport=139 | protocol=6 | dir=out | app=system | "{AD87CCE6-2A5C-4964-984E-99651337CFE6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B0E8D136-AB84-4A50-BBA8-E936FB9949E3}" = lport=137 | protocol=17 | dir=in | app=system | "{B8033571-187E-4D14-BB36-92C785595F61}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D38DDA34-5F8A-4A55-A7DA-2AE3D797F8BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E3D81A3C-4C8A-45F2-A1C5-F8F8D7B7A2D6}" = lport=10243 | protocol=6 | dir=in | app=system | "{EFD5FFE0-C1A7-483D-A36F-96651FF38CBB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0909AEA9-DF02-47AE-9A3E-4D125DF51478}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0DC6C2D7-669C-488D-BA5A-0F57890CD5F9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{2600CB9F-503A-489E-9DD3-EAEAFAE59956}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{36255353-1299-4DE8-BA7D-78E135BD3588}" = protocol=6 | dir=out | app=system | "{3971B8E5-246D-4FE6-8534-B41F6C220AF3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3F360C65-2A64-4768-B252-32C677E1031F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4A8FC224-15A6-4EEB-A671-BEC4B49990FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6204E471-3E94-4872-AF92-F1ACF264A06A}" = 
protocol=6 | dir=in | app=c:\users\rene geissler\appdata\local\apps\2.0\8qgzkmya.kbo\9x7l1n20.zn1\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "{6B3A0BF2-BF57-415E-AAAB-0BD83F6BA652}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{86EDC98B-DD0C-434A-B5C1-A9C8166333E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{88165600-DB74-4890-A5B4-3E0CCC9A467A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{8E282B1B-6383-4550-805C-6409E710B476}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{905BB02B-6287-4A1E-AFB9-1C782B47A963}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9C8963AD-13F4-41E2-9225-8F1FF7516E4D}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\dirt2\dirt2_game.exe | "{A2B04FDC-DAC1-4AE4-A162-36C1CD11AF8D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A490F1C2-9568-4DCB-8C44-A268A2628054}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\dirt2\dirt2_game.exe | "{A61EEB9C-4AEF-4DCA-B29C-8EA18FF129B5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C33E4CF6-2412-4242-ADA7-ADE726EB69C4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{CA6C8E81-840E-4E09-82BB-997B807718E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CF0EE19D-9569-40B8-85D2-98B2DCDC4133}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D20B3B70-1F4D-48C6-9029-56AEAE6D6156}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E3F72059-F78F-4497-B1DF-73ED1AC18AC6}" = protocol=17 | dir=in | app=c:\users\rene geissler\appdata\local\apps\2.0\8qgzkmya.kbo\9x7l1n20.zn1\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "{E79890AD-A737-4DA6-BAF9-6CBB161AD709}" = 
protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{ECDF0A59-C590-443C-916A-24B7D56D1530}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{F415896E-85F5-49EF-8248-CAD4D9012FA1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "TCP Query User{FCF82588-D6F9-4875-86B4-96CAA1018C5C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{FD8D160F-1A64-41F6-8A62-563A6E6FED06}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "CPUID CPU-Z_is1" = CPUID CPU-Z 1.59 "D3A1A6FCCCB0A9522D676C627C62D37496EAF759" = Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (12/06/2010 4.0.0000.00000) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35 "{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{434D0820-3AA6-493A-80B9-301000028501}" = DiRT2 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4 "{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2 "{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = ISY USB Wireless Adapter 
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3B79863-74A7-437D-94A5-BA2A0B4344F7}_is1" = Leawo Blu-Ray in iPhone und iPad Converter GW Version 4.2.0.0 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0A8AB05-5217-4D9E-AE90-2BA8B9FB8496}_is1" = Leawo Video Converter 2012 Version 4.1.0.0 "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger 
"{EA3CD554-A1E2-11D3-B4C5-006067326BA5}" = MDK2 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Avira AntiVir Desktop" = Avira Free Antivirus "DivX Setup" = DivX-Setup "InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = ISY USB Wireless Adapter "KLiteCodecPack_is1" = K-Lite Codec Pack 8.7.0 (Basic) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MySSID_is1" = EXPERTool 7.20 "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "PlanMaker Viewer" = PlanMaker Viewer "TextMaker Viewer" = TextMaker Viewer "UpdateYeti_is1" = UpdateYeti "VLC media player" = VLC media player 1.1.11 "WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 21.10.2012 04:20:34 | Computer Name = Höllenmaschine | Source = Windows Search Service | ID = 9000 Description = Error - 21.10.2012 04:20:34 | Computer Name = Höllenmaschine | Source = Windows Search Service | ID = 7040 Description = Error - 21.10.2012 04:20:34 | Computer Name = Höllenmaschine | Source = Windows Search Service | ID = 7042 Description = Error - 21.10.2012 04:20:34 | Computer Name = Höllenmaschine | Source = Windows Search Service | ID = 9002 Description = Error - 21.10.2012 04:20:34 | Computer Name = Höllenmaschine | Source = Windows Search Service | ID = 3029 Description = Error - 21.10.2012 04:20:35 | Computer Name = Höllenmaschine | 
Source = Windows Search Service | ID = 3029 Description = Error - 21.10.2012 04:20:36 | Computer Name = Höllenmaschine | Source = Windows Search Service | ID = 3028 Description = Error - 21.10.2012 04:20:36 | Computer Name = Höllenmaschine | Source = Windows Search Service | ID = 3058 Description = Error - 21.10.2012 04:20:36 | Computer Name = Höllenmaschine | Source = Windows Search Service | ID = 7010 Description = Error - 21.10.2012 04:21:10 | Computer Name = Höllenmaschine | Source = Windows Search Service | ID = 1019 Description = Error - 04.11.2012 17:50:42 | Computer Name = Höllenmaschine | Source = Windows Search Service | ID = 1019 Description = [ Media Center Events ] Error - 09.02.2012 05:36:16 | Computer Name = Höllenmaschine | Source = MCUpdate | ID = 0 Description = 10:36:16 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..) Error - 08.11.2012 15:07:35 | Computer Name = Höllenmaschine | Source = MCUpdate | ID = 0 Description = 20:07:35 - Fehler beim Herstellen der Internetverbindung. 20:07:35 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 02.08.2012 16:48:59 | Computer Name = Höllenmaschine | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error - 02.08.2012 16:57:00 | Computer Name = Höllenmaschine | Source = DCOM | ID = 10010 Description = Error - 03.08.2012 11:27:17 | Computer Name = Höllenmaschine | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. 
Error - 04.08.2012 05:43:58 | Computer Name = Höllenmaschine | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error - 04.08.2012 11:36:49 | Computer Name = Höllenmaschine | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error - 05.08.2012 04:57:16 | Computer Name = Höllenmaschine | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error - 05.08.2012 14:39:49 | Computer Name = Höllenmaschine | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error - 05.08.2012 18:15:29 | Computer Name = Höllenmaschine | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?06.?08.?2012 um 00:05:38 unerwartet heruntergefahren. Error - 05.08.2012 18:15:23 | Computer Name = Höllenmaschine | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. 
Error - 12.08.2012 11:33:53 | Computer Name = Höllenmaschine | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. < End of report >
Sorry, things were hanging a bit.... |
10.11.2012, 23:00 | #5 |
/// Malware-holic | Informed by 1&1 about the Torpig trojan Hi, download TDSSKiller: http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - if anything is found, always choose Skip for now, then post the log
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
10.11.2012, 23:13 | #6 |
| Informed by 1&1 about the Torpig trojan
23:05:07.0815 3472 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:05:08.0221 3472 ============================================================
23:05:08.0221 3472 Current date / time: 2012/11/10 23:05:08.0221
23:05:08.0221 3472 SystemInfo:
23:05:08.0221 3472
23:05:08.0221 3472 OS Version: 6.1.7601 ServicePack: 1.0
23:05:08.0221 3472 Product type: Workstation
23:05:08.0221 3472 ComputerName: HÖLLENMASCHINE
23:05:08.0221 3472 UserName: Rene Geißler
23:05:08.0221 3472 Windows directory: C:\Windows
23:05:08.0221 3472 System windows directory: C:\Windows
23:05:08.0221 3472 Running under WOW64
23:05:08.0221 3472 Processor architecture: Intel x64
23:05:08.0221 3472 Number of processors: 4
23:05:08.0221 3472 Page size: 0x1000
23:05:08.0221 3472 Boot type: Normal boot
23:05:08.0221 3472 ============================================================
23:05:09.0221 3472 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:05:09.0221 3472 ============================================================
23:05:09.0221 3472 \Device\Harddisk0\DR0:
23:05:09.0221 3472 MBR partitions:
23:05:09.0221 3472 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xD7885B5
23:05:09.0221 3472 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xD788633, BlocksNum 0x165FC387
23:05:09.0237 3472 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23D849F9, BlocksNum 0x16600248
23:05:09.0237 3472 ============================================================
23:05:09.0252 3472 C: <-> \Device\Harddisk0\DR0\Partition1
23:05:09.0284 3472 D: <-> \Device\Harddisk0\DR0\Partition2
23:05:09.0331 3472 E: <-> \Device\Harddisk0\DR0\Partition3
23:05:09.0331 3472 ============================================================
23:05:09.0331 3472 Initialize success
23:05:09.0331 3472
============================================================ 23:05:30.0456 2180 ============================================================ 23:05:30.0456 2180 Scan started 23:05:30.0456 2180 Mode: Manual; 23:05:30.0456 2180 ============================================================ 23:05:31.0143 2180 ================ Scan services ============================= 23:05:31.0284 2180 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 23:05:31.0284 2180 1394ohci - ok 23:05:31.0315 2180 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 23:05:31.0315 2180 ACPI - ok 23:05:31.0331 2180 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 23:05:31.0331 2180 AcpiPmi - ok 23:05:31.0393 2180 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 23:05:31.0393 2180 AdobeARMservice - ok 23:05:31.0502 2180 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 23:05:31.0502 2180 AdobeFlashPlayerUpdateSvc - ok 23:05:31.0534 2180 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 23:05:31.0534 2180 adp94xx - ok 23:05:31.0549 2180 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 23:05:31.0565 2180 adpahci - ok 23:05:31.0581 2180 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 23:05:31.0581 2180 adpu320 - ok 23:05:31.0612 2180 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 23:05:31.0612 2180 AeLookupSvc - ok 23:05:31.0643 2180 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 23:05:31.0659 2180 AFD - ok 23:05:31.0706 2180 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 23:05:31.0706 2180 agp440 - ok 23:05:31.0721 2180 [ 3290D6946B5E30E70414990574883DDB ] ALG 
tunnel C:\Windows\system32\DRIVERS\tunnel.sys 23:05:41.0893 2180 tunnel - ok 23:05:41.0909 2180 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 23:05:41.0909 2180 uagp35 - ok 23:05:41.0940 2180 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 23:05:41.0956 2180 udfs - ok 23:05:41.0971 2180 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 23:05:41.0971 2180 UI0Detect - ok 23:05:41.0987 2180 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 23:05:42.0002 2180 uliagpkx - ok 23:05:42.0018 2180 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 23:05:42.0018 2180 umbus - ok 23:05:42.0034 2180 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 23:05:42.0049 2180 UmPass - ok 23:05:42.0065 2180 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 23:05:42.0065 2180 upnphost - ok 23:05:42.0096 2180 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 23:05:42.0096 2180 usbccgp - ok 23:05:42.0127 2180 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 23:05:42.0143 2180 usbcir - ok 23:05:42.0159 2180 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 23:05:42.0174 2180 usbehci - ok 23:05:42.0190 2180 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 23:05:42.0206 2180 usbhub - ok 23:05:42.0237 2180 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 23:05:42.0237 2180 usbohci - ok 23:05:42.0252 2180 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 23:05:42.0268 2180 usbprint - ok 23:05:42.0284 2180 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 23:05:42.0284 2180 usbscan - ok 23:05:42.0299 2180 [ 
FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 23:05:42.0315 2180 USBSTOR - ok 23:05:42.0331 2180 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 23:05:42.0346 2180 usbuhci - ok 23:05:42.0346 2180 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 23:05:42.0362 2180 UxSms - ok 23:05:42.0377 2180 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 23:05:42.0377 2180 VaultSvc - ok 23:05:42.0393 2180 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 23:05:42.0393 2180 vdrvroot - ok 23:05:42.0424 2180 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 23:05:42.0440 2180 vds - ok 23:05:42.0440 2180 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 23:05:42.0456 2180 vga - ok 23:05:42.0456 2180 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 23:05:42.0471 2180 VgaSave - ok 23:05:42.0487 2180 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 23:05:42.0487 2180 vhdmp - ok 23:05:42.0502 2180 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 23:05:42.0502 2180 viaide - ok 23:05:42.0518 2180 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 23:05:42.0518 2180 volmgr - ok 23:05:42.0549 2180 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 23:05:42.0581 2180 volmgrx - ok 23:05:42.0581 2180 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 23:05:42.0581 2180 volsnap - ok 23:05:42.0612 2180 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 23:05:42.0612 2180 vsmraid - ok 23:05:42.0659 2180 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 23:05:42.0674 2180 VSS - ok 23:05:42.0690 2180 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] 
vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 23:05:42.0706 2180 vwifibus - ok 23:05:42.0721 2180 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 23:05:42.0721 2180 vwififlt - ok 23:05:42.0752 2180 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 23:05:42.0752 2180 W32Time - ok 23:05:42.0768 2180 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 23:05:42.0768 2180 WacomPen - ok 23:05:42.0799 2180 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 23:05:42.0799 2180 WANARP - ok 23:05:42.0815 2180 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 23:05:42.0831 2180 Wanarpv6 - ok 23:05:42.0862 2180 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 23:05:42.0893 2180 wbengine - ok 23:05:42.0909 2180 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 23:05:42.0909 2180 WbioSrvc - ok 23:05:42.0940 2180 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 23:05:42.0940 2180 wcncsvc - ok 23:05:42.0956 2180 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 23:05:42.0956 2180 WcsPlugInService - ok 23:05:42.0987 2180 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 23:05:42.0987 2180 Wd - ok 23:05:43.0018 2180 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 23:05:43.0034 2180 Wdf01000 - ok 23:05:43.0049 2180 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 23:05:43.0049 2180 WdiServiceHost - ok 23:05:43.0049 2180 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 23:05:43.0049 2180 WdiSystemHost - ok 23:05:43.0081 2180 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 23:05:43.0081 2180 WebClient - ok 23:05:43.0096 2180 [ 
C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 23:05:43.0096 2180 Wecsvc - ok 23:05:43.0112 2180 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 23:05:43.0112 2180 wercplsupport - ok 23:05:43.0112 2180 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 23:05:43.0112 2180 WerSvc - ok 23:05:43.0127 2180 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 23:05:43.0127 2180 WfpLwf - ok 23:05:43.0159 2180 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 23:05:43.0159 2180 WIMMount - ok 23:05:43.0159 2180 WinDefend - ok 23:05:43.0174 2180 WinHttpAutoProxySvc - ok 23:05:43.0221 2180 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 23:05:43.0237 2180 Winmgmt - ok 23:05:43.0284 2180 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 23:05:43.0315 2180 WinRM - ok 23:05:43.0362 2180 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 23:05:43.0362 2180 WinUsb - ok 23:05:43.0393 2180 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 23:05:43.0424 2180 Wlansvc - ok 23:05:43.0502 2180 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 23:05:43.0534 2180 wlidsvc - ok 23:05:43.0565 2180 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 23:05:43.0565 2180 WmiAcpi - ok 23:05:43.0596 2180 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 23:05:43.0596 2180 wmiApSrv - ok 23:05:43.0627 2180 WMPNetworkSvc - ok 23:05:43.0627 2180 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 23:05:43.0627 2180 WPCSvc - ok 23:05:43.0659 2180 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 23:05:43.0659 2180 WPDBusEnum - ok 23:05:43.0674 2180 
[ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 23:05:43.0690 2180 ws2ifsl - ok 23:05:43.0706 2180 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 23:05:43.0706 2180 wscsvc - ok 23:05:43.0706 2180 WSearch - ok 23:05:43.0768 2180 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 23:05:43.0799 2180 wuauserv - ok 23:05:43.0815 2180 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 23:05:43.0815 2180 WudfPf - ok 23:05:43.0846 2180 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 23:05:43.0846 2180 WUDFRd - ok 23:05:43.0877 2180 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 23:05:43.0893 2180 wudfsvc - ok 23:05:43.0909 2180 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 23:05:43.0909 2180 WwanSvc - ok 23:05:43.0924 2180 ================ Scan global =============================== 23:05:43.0956 2180 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 23:05:43.0971 2180 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 23:05:43.0987 2180 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 23:05:44.0034 2180 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 23:05:44.0049 2180 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 23:05:44.0049 2180 [Global] - ok 23:05:44.0049 2180 ================ Scan MBR ================================== 23:05:44.0065 2180 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 23:05:44.0237 2180 \Device\Harddisk0\DR0 - ok 23:05:44.0237 2180 ================ Scan VBR ================================== 23:05:44.0237 2180 [ 00D88A0B337CEB90E4F76480784D7003 ] \Device\Harddisk0\DR0\Partition1 23:05:44.0237 2180 \Device\Harddisk0\DR0\Partition1 - ok 23:05:44.0252 2180 [ F44FE67D1A36560250CEB64304372FC4 ] \Device\Harddisk0\DR0\Partition2 
23:05:44.0252 2180 \Device\Harddisk0\DR0\Partition2 - ok 23:05:44.0268 2180 [ F7DED93E7E6E1E327DE82E56CA3EBC1C ] \Device\Harddisk0\DR0\Partition3 23:05:44.0268 2180 \Device\Harddisk0\DR0\Partition3 - ok 23:05:44.0268 2180 ============================================================ 23:05:44.0268 2180 Scan finished 23:05:44.0268 2180 ============================================================ 23:05:44.0284 4612 Detected object count: 0 23:05:44.0284 4612 Actual detected object count: 0 23:07:18.0746 1240 ============================================================ 23:07:18.0746 1240 Scan started 23:07:18.0746 1240 Mode: Manual; SigCheck; TDLFS; 23:07:18.0746 1240 ============================================================ 23:07:19.0371 1240 ================ Scan system memory ======================== 23:07:19.0371 1240 System memory - ok 23:07:19.0371 1240 ================ Scan services ============================= 23:07:19.0496 1240 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 23:07:19.0558 1240 1394ohci - ok 23:07:19.0574 1240 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 23:07:19.0589 1240 ACPI - ok 23:07:19.0605 1240 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 23:07:19.0667 1240 AcpiPmi - ok 23:07:19.0746 1240 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 23:07:19.0746 1240 AdobeARMservice - ok 23:07:19.0824 1240 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 23:07:19.0839 1240 AdobeFlashPlayerUpdateSvc - ok 23:07:19.0855 1240 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 23:07:19.0871 1240 adp94xx - ok 23:07:19.0886 1240 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 23:07:19.0902 1240 adpahci - ok 23:07:19.0917 1240 [ 
E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 23:07:19.0933 1240 adpu320 - ok 23:07:19.0964 1240 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 23:07:20.0058 1240 AeLookupSvc - ok 23:07:20.0089 1240 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 23:07:20.0121 1240 AFD - ok 23:07:20.0152 1240 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 23:07:20.0167 1240 agp440 - ok 23:07:20.0183 1240 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 23:07:20.0214 1240 ALG - ok 23:07:20.0230 1240 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 23:07:20.0246 1240 aliide - ok 23:07:20.0246 1240 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 23:07:20.0261 1240 amdide - ok 23:07:20.0277 1240 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 23:07:20.0324 1240 AmdK8 - ok 23:07:20.0339 1240 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 23:07:20.0371 1240 AmdPPM - ok 23:07:20.0417 1240 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 23:07:20.0417 1240 amdsata - ok 23:07:20.0433 1240 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 23:07:20.0464 1240 amdsbs - ok 23:07:20.0480 1240 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 23:07:20.0496 1240 amdxata - ok 23:07:20.0542 1240 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 23:07:20.0558 1240 AntiVirSchedulerService - ok 23:07:20.0589 1240 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 23:07:20.0589 1240 AntiVirService - ok 23:07:20.0621 1240 [ 89A69C3F2F319B43379399547526D952 ] AppID 
C:\Windows\system32\drivers\appid.sys 23:07:20.0730 1240 AppID - ok 23:07:20.0746 1240 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 23:07:20.0792 1240 AppIDSvc - ok 23:07:20.0808 1240 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 23:07:20.0855 1240 Appinfo - ok 23:07:20.0871 1240 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 23:07:20.0886 1240 arc - ok 23:07:20.0902 1240 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 23:07:20.0917 1240 arcsas - ok 23:07:20.0917 1240 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 23:07:20.0964 1240 AsyncMac - ok 23:07:20.0996 1240 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 23:07:21.0011 1240 atapi - ok 23:07:21.0042 1240 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 23:07:21.0089 1240 AudioEndpointBuilder - ok 23:07:21.0105 1240 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 23:07:21.0152 1240 AudioSrv - ok 23:07:21.0152 1240 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 23:07:21.0199 1240 avgntflt - ok 23:07:21.0214 1240 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 23:07:21.0230 1240 avipbb - ok 23:07:21.0230 1240 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 23:07:21.0246 1240 avkmgr - ok 23:07:21.0261 1240 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 23:07:21.0324 1240 AxInstSV - ok 23:07:21.0355 1240 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 23:07:21.0386 1240 b06bdrv - ok 23:07:21.0386 1240 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 23:07:21.0433 1240 b57nd60a - ok 23:07:21.0449 1240 [ 
FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 23:07:21.0480 1240 BDESVC - ok 23:07:21.0496 1240 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 23:07:21.0527 1240 Beep - ok 23:07:21.0558 1240 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 23:07:21.0605 1240 BFE - ok 23:07:21.0621 1240 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 23:07:21.0683 1240 BITS - ok 23:07:21.0699 1240 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 23:07:21.0714 1240 blbdrive - ok 23:07:21.0730 1240 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 23:07:21.0746 1240 bowser - ok 23:07:21.0761 1240 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 23:07:21.0824 1240 BrFiltLo - ok 23:07:21.0824 1240 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 23:07:21.0839 1240 BrFiltUp - ok 23:07:21.0871 1240 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 23:07:21.0886 1240 Browser - ok 23:07:21.0902 1240 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 23:07:21.0949 1240 Brserid - ok 23:07:21.0949 1240 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 23:07:21.0980 1240 BrSerWdm - ok 23:07:21.0996 1240 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 23:07:22.0011 1240 BrUsbMdm - ok 23:07:22.0027 1240 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 23:07:22.0042 1240 BrUsbSer - ok 23:07:22.0058 1240 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 23:07:22.0121 1240 BthEnum - ok 23:07:22.0121 1240 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 23:07:22.0152 1240 BTHMODEM - ok 23:07:22.0167 1240 [ 
02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 23:07:22.0199 1240 BthPan - ok 23:07:22.0214 1240 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 23:07:22.0261 1240 BTHPORT - ok 23:07:22.0277 1240 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 23:07:22.0324 1240 bthserv - ok 23:07:22.0339 1240 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 23:07:22.0355 1240 BTHUSB - ok 23:07:22.0371 1240 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 23:07:22.0402 1240 cdfs - ok 23:07:22.0417 1240 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 23:07:22.0449 1240 cdrom - ok 23:07:22.0464 1240 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 23:07:22.0542 1240 CertPropSvc - ok 23:07:22.0558 1240 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 23:07:22.0574 1240 circlass - ok 23:07:22.0589 1240 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 23:07:22.0605 1240 CLFS - ok 23:07:22.0667 1240 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 23:07:22.0667 1240 clr_optimization_v2.0.50727_32 - ok 23:07:22.0714 1240 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 23:07:22.0730 1240 clr_optimization_v2.0.50727_64 - ok 23:07:22.0777 1240 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 23:07:22.0792 1240 clr_optimization_v4.0.30319_32 - ok 23:07:22.0808 1240 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 23:07:22.0824 1240 clr_optimization_v4.0.30319_64 - ok 23:07:22.0839 1240 [ 
0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 23:07:22.0855 1240 CmBatt - ok 23:07:22.0871 1240 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 23:07:22.0886 1240 cmdide - ok 23:07:22.0917 1240 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 23:07:22.0964 1240 CNG - ok 23:07:22.0964 1240 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 23:07:22.0980 1240 Compbatt - ok 23:07:23.0011 1240 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 23:07:23.0027 1240 CompositeBus - ok 23:07:23.0042 1240 COMSysApp - ok 23:07:23.0042 1240 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 23:07:23.0058 1240 crcdisk - ok 23:07:23.0089 1240 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 23:07:23.0121 1240 CryptSvc - ok 23:07:23.0152 1240 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 23:07:23.0199 1240 DcomLaunch - ok 23:07:23.0230 1240 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 23:07:23.0292 1240 defragsvc - ok 23:07:23.0308 1240 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 23:07:23.0339 1240 DfsC - ok 23:07:23.0355 1240 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 23:07:23.0417 1240 Dhcp - ok 23:07:23.0433 1240 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 23:07:23.0464 1240 discache - ok 23:07:23.0496 1240 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 23:07:23.0511 1240 Disk - ok 23:07:23.0527 1240 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 23:07:23.0574 1240 Dnscache - ok 23:07:23.0605 1240 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 23:07:23.0652 1240 dot3svc - 
ok 23:07:23.0667 1240 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 23:07:23.0699 1240 DPS - ok 23:07:23.0714 1240 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 23:07:23.0746 1240 drmkaud - ok 23:07:23.0824 1240 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 23:07:23.0839 1240 DXGKrnl - ok 23:07:23.0886 1240 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 23:07:23.0933 1240 EapHost - ok 23:07:24.0074 1240 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 23:07:24.0121 1240 ebdrv - ok 23:07:24.0152 1240 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 23:07:24.0183 1240 EFS - ok 23:07:24.0214 1240 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 23:07:24.0261 1240 ehRecvr - ok 23:07:24.0277 1240 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 23:07:24.0308 1240 ehSched - ok 23:07:24.0339 1240 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 23:07:24.0355 1240 elxstor - ok 23:07:24.0402 1240 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 23:07:24.0417 1240 ErrDev - ok 23:07:24.0433 1240 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 23:07:24.0496 1240 EventSystem - ok 23:07:24.0511 1240 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 23:07:24.0542 1240 exfat - ok 23:07:24.0558 1240 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 23:07:24.0605 1240 fastfat - ok 23:07:24.0636 1240 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 23:07:24.0683 1240 Fax - ok 23:07:24.0699 1240 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 23:07:24.0699 1240 fdc - ok 23:07:24.0714 1240 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost 
C:\Windows\system32\fdPHost.dll 23:07:24.0761 1240 fdPHost - ok 23:07:24.0777 1240 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 23:07:24.0808 1240 FDResPub - ok 23:07:24.0824 1240 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 23:07:24.0839 1240 FileInfo - ok 23:07:24.0855 1240 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 23:07:24.0902 1240 Filetrace - ok 23:07:24.0902 1240 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 23:07:24.0917 1240 flpydisk - ok 23:07:24.0933 1240 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 23:07:24.0949 1240 FltMgr - ok 23:07:24.0980 1240 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 23:07:25.0011 1240 FontCache - ok 23:07:25.0058 1240 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 23:07:25.0074 1240 FontCache3.0.0.0 - ok 23:07:25.0089 1240 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 23:07:25.0105 1240 FsDepends - ok 23:07:25.0121 1240 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 23:07:25.0136 1240 Fs_Rec - ok 23:07:25.0152 1240 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 23:07:25.0167 1240 fvevol - ok 23:07:25.0183 1240 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 23:07:25.0199 1240 gagp30kx - ok 23:07:25.0230 1240 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 23:07:25.0277 1240 gpsvc - ok 23:07:25.0292 1240 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 23:07:25.0308 1240 hcw85cir - ok 23:07:25.0339 1240 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 
23:07:39.0964 1240 ============================================================
23:07:39.0964 1240 Scan finished
23:07:39.0964 1240 ============================================================
23:07:39.0964 5076 Detected object count: 0
23:07:39.0964 5076 Actual detected object count: 0

Was that too much, or does it have to be that long? Findings? |
11.11.2012, 00:11 | #7 | |
/// Malware-holic | Informed by 1&1 about the Torpig trojan
no, that was ok
combofix:
Combofix may only be run when a team member has instructed you to do so!
Please download Combofix from one of these download mirrors
Link 1
Link 2
IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For the time being, please forward mails according to the instructions above to markusg.trojaner-board@web.de If you would like to support us |
11.11.2012, 01:08 | #8 |
| Informed by 1&1 about the Torpig trojan Code:
|
11.11.2012, 01:54 | #9 |
/// Malware-holic | Informed by 1&1 about the Torpig trojan
hi
download hitmanpro: http://www.trojaner-board.de/99424-c...o-scannen.html
double-click, license, activate trial license. then scan.
don't delete anything, at the end export the log as xml and post it
|
11.11.2012, 11:52 | #10 |
| Informed by 1&1 about the Torpig trojan
Good morning, I fell asleep.... Code:
HitmanPro 3.6.2.173
www.hitmanpro.com

   Computer name . . . . : HÖLLENMASCHINE
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Höllenmaschine\Rene Geißler
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2012-11-11 11:47:44
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 56s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 4

   Objects scanned . . . : 1.188.821
   Files scanned . . . . : 12.711
   Remnants scanned  . . : 368.996 files / 807.114 keys

Potential Unwanted Programs _________________________________________________

   HKU\S-1-5-21-4161975604-971923823-3228321193-1000\Software\Softonic\ (Softonic)

Cookies _____________________________________________________________________

   C:\Users\Rene Geißler\AppData\Roaming\Microsoft\Windows\Cookies\3SNJQE5W.txt
   C:\Users\Rene Geißler\AppData\Roaming\Microsoft\Windows\Cookies\VJ0I1C8O.txt
   C:\Users\Rene Geißler\AppData\Roaming\Microsoft\Windows\Cookies\Z2FEVY3J.txt

I'll post the log later...
Evening, now the laptop:

Malwarebytes Anti-Malware 1.65.1.1000
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.11.10.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Taiya :: RUBY [Administrator]

11.11.2012 16:06:55
mbam-log-2012-11-11 (16-06-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 348821
Laufzeit: 35 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Is the 1st PC done?

Evening, I'm now working on my daughter's laptop. 1st log Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.10.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Taiya :: RUBY [Administrator]

10.11.2012 22:49:05
mbam-log-2012-11-10 (23-43-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 369353
Laufzeit: 53 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\Taiya\AppData\Roaming\Bybea\etni.exe (Trojan.ZbotR.Gen) -> 3948 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{4F1CBC1A-FF70-AD40-AC15-0C5485672F49} (Trojan.ZbotR.Gen) -> Daten: C:\Users\Taiya\AppData\Roaming\Bybea\etni.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Taiya\AppData\Roaming\Bybea\etni.exe (Trojan.ZbotR.Gen) -> Keine Aktion durchgeführt.

(Ende)

so far...

hi..., can anyone help me further? I have to go to work in 2h and wanted to get this cleaned up before then.
12.11.2012, 15:40 | #11 |
/// Malware-holic | Informed by 1&1 about the Torpig trojan

Why are you posting all the logs 3 times? Your daughter's laptop has to be reinstalled from scratch, and all passwords have to be changed.

1. Data recovery:
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if it is clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + Star Money.
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us |