Pests of all kinds and how to fight them: Bundespolizei trojan
Windows 7
If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
05.12.2012, 11:51 | #1 |
Bundespolizei trojan
Hello, this forum was recommended to me because I am struggling with one of these Bundespolizei trojans. I have run a scan with Malwarebytes. I would be very glad if you could help me. Here is the log file:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.24.11

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Helena :: HELENA-PC [Administrator]

05.12.2012 00:28:33
HDmbam-log-2012-12-05 (11-30-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 340097
Laufzeit: 1 Stunde(n), 31 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Users\Helena\AppData\Local\Temp\wpbt0.dll (Exploit.Drop.GS) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Users\Helena\AppData\Local\Temp\tmp5fc193df\loader2.exe (Malware.Packer) -> Keine Aktion durchgeführt.
C:\Users\Helena\AppData\Local\Temp\tmp99a90fe0\ig50.exe (Trojan.Zbot.SXGen) -> Keine Aktion durchgeführt.
C:\Users\Helena\AppData\Local\Temp\tmpc99dcdc9\loader1.exe (Backdoor.Bot) -> Keine Aktion durchgeführt.
C:\Users\Helena\AppData\Local\Temp\tmpdfe24fb4\loader1.exe (Trojan.Graftor) -> Keine Aktion durchgeführt.
C:\Users\Helena\AppData\Local\Temp\tmpf71a96cc\loader1.exe (Backdoor.Pushdo) -> Keine Aktion durchgeführt.
C:\Users\Helena\AppData\Local\Temp\wpbt0.dll (Exploit.Drop.GS) -> Keine Aktion durchgeführt.

(Ende)
05.12.2012, 12:46 | #2 |
/// Malware-holic | Bundespolizei trojan
hi
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
05.12.2012, 22:34 | #3 |
Bundespolizei trojan
OTL logfile:
C:\windows\System32\perfh007.dat [2012/12/05 12:26:12 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012/12/05 12:26:12 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012/12/05 12:26:12 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012/12/05 12:21:28 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/12/05 12:21:17 | 2384,941,056 | -HS- | M] () -- C:\hiberfil.sys [2012/12/05 12:21:16 | 281,890,505 | ---- | M] () -- C:\windows\MEMORY.DMP [2012/12/05 00:20:30 | 083,023,306 | ---- | M] () -- C:\ProgramData\0tbpw.pad [2012/12/04 23:54:18 | 000,001,073 | ---- | M] () -- C:\Users\Helena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2012/11/30 20:06:36 | 000,002,324 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/11/25 00:50:30 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/11/20 12:23:25 | 001,089,457 | ---- | M] () -- C:\Users\Helena\Desktop\warrior.png [2012/11/20 12:17:32 | 000,729,942 | ---- | M] () -- C:\Users\Helena\Desktop\brigitte bardot.png [2012/11/20 12:15:24 | 002,352,196 | ---- | M] () -- C:\Users\Helena\Desktop\IMG_1563.JPG [2012/11/20 12:15:16 | 002,527,255 | ---- | M] () -- C:\Users\Helena\Desktop\IMG_1562.JPG [2012/11/18 19:18:11 | 001,303,566 | ---- | M] () -- C:\Users\Helena\Desktop\tth12_Fragebogen_Vorlage.pdf [2012/11/15 22:27:59 | 000,306,572 | ---- | M] () -- C:\Users\Helena\unfinished_by_alexaink-d5igsoj.jpg [2012/11/14 14:45:07 | 003,788,048 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2012/11/13 14:26:17 | 000,001,201 | ---- | M] () -- C:\Users\Helena\Desktop\DVDVideoSoft Free Studio.lnk [2012/11/13 14:26:16 | 000,001,360 | ---- | M] () -- C:\Users\Helena\Desktop\Free YouTube to MP3 Converter.lnk [2012/11/13 11:26:06 | 000,588,471 | ---- | M] () -- C:\Users\Helena\Desktop\Einladung SHS.jpg [2012/11/11 03:04:51 | 000,002,505 | ---- | M] () -- 
C:\Users\Public\Desktop\Skype.lnk ========== Files Created - No Company Name ========== [2012/12/04 23:54:18 | 000,001,073 | ---- | C] () -- C:\Users\Helena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2012/11/20 12:23:25 | 001,089,457 | ---- | C] () -- C:\Users\Helena\Desktop\warrior.png [2012/11/20 12:17:32 | 000,729,942 | ---- | C] () -- C:\Users\Helena\Desktop\brigitte bardot.png [2012/11/20 12:15:06 | 002,527,255 | ---- | C] () -- C:\Users\Helena\Desktop\IMG_1562.JPG [2012/11/20 12:15:06 | 002,352,196 | ---- | C] () -- C:\Users\Helena\Desktop\IMG_1563.JPG [2012/11/18 19:17:00 | 001,303,566 | ---- | C] () -- C:\Users\Helena\Desktop\tth12_Fragebogen_Vorlage.pdf [2012/11/15 22:27:58 | 000,306,572 | ---- | C] () -- C:\Users\Helena\unfinished_by_alexaink-d5igsoj.jpg [2012/11/14 12:47:01 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/11/14 12:46:29 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/11/13 14:26:16 | 000,001,360 | ---- | C] () -- C:\Users\Helena\Desktop\Free YouTube to MP3 Converter.lnk [2012/11/13 12:27:02 | 000,588,471 | ---- | C] () -- C:\Users\Helena\Desktop\Einladung SHS.jpg [2012/10/04 14:39:39 | 083,023,306 | ---- | C] () -- C:\ProgramData\0tbpw.pad [2012/03/18 22:44:53 | 000,005,632 | ---- | C] () -- C:\Users\Helena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/09/11 10:47:25 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini [2011/05/22 08:13:29 | 000,000,000 | ---- | C] () -- C:\Users\Helena\AppData\Local\{6CEE3637-699E-4C11-A4A2-CEAB597C4488} [2011/05/22 07:44:43 | 000,000,000 | ---- | C] () -- C:\Users\Helena\AppData\Local\{D60BDD90-E05B-4799-B734-02DA00A9D362} [2011/05/22 07:20:24 | 000,000,000 | ---- | C] () -- C:\Users\Helena\AppData\Local\{2620D88B-C290-4B71-BAD3-9B111CAB4479} [2011/05/21 22:17:10 | 000,000,000 | ---- | C] () -- 
C:\Users\Helena\AppData\Local\{02A2C2F5-6D80-4976-8359-98B824D88339} [2011/05/21 22:13:45 | 000,142,592 | ---- | C] () -- C:\windows\System32\drivers\sp_rsdrv2.sys [2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll [2010/07/24 21:50:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/07/17 14:01:36 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010/07/17 15:25:34 | 000,000,000 | -HSD | M] -- C:\Users\Helena\AppData\Roaming\.# [2010/10/09 18:28:27 | 000,000,000 | ---D | M] -- C:\Users\Helena\AppData\Roaming\Academic Software Zurich [2012/12/04 19:13:29 | 000,000,000 | ---D | M] -- C:\Users\Helena\AppData\Roaming\Acym [2010/12/18 17:42:25 | 000,000,000 | ---D | M] -- C:\Users\Helena\AppData\Roaming\Amazon [2012/08/16 10:38:14 | 000,000,000 | ---D | M] -- C:\Users\Helena\AppData\Roaming\Babylon [2012/08/16 10:38:40 | 000,000,000 | ---D | M] -- 
C:\Users\Helena\AppData\Roaming\BabylonToolbar [2010/07/17 10:03:25 | 000,000,000 | ---D | M] -- C:\Users\Helena\AppData\Roaming\DAEMON Tools Lite [2012/12/05 12:21:58 | 000,000,000 | ---D | M] -- C:\Users\Helena\AppData\Roaming\Dropbox [2012/11/13 14:26:39 | 000,000,000 | ---D | M] -- C:\Users\Helena\AppData\Roaming\DVDVideoSoft [2012/11/13 14:26:26 | 000,000,000 | ---D | M] -- C:\Users\Helena\AppData\Roaming\DVDVideoSoftIEHelpers [2010/07/17 15:25:19 | 000,000,000 | ---D | M] -- C:\Users\Helena\AppData\Roaming\GameConsole [2010/07/21 17:41:36 | 000,000,000 | ---D | M] -- C:\Users\Helena\AppData\Roaming\PDF Writer [2012/05/20 20:57:47 | 000,000,000 | ---D | M] -- C:\Users\Helena\AppData\Roaming\Spotify [2011/05/22 08:15:13 | 000,000,000 | ---D | M] -- C:\Users\Helena\AppData\Roaming\Spyware Terminator [2012/08/16 10:38:39 | 000,000,000 | ---D | M] -- C:\Users\Helena\AppData\Roaming\YourFileDownloader ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2010/07/17 14:19:57 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010/10/26 23:53:15 | 000,000,000 | ---D | M] -- C:\aa053eed7be24944f5cdf6 [2012/11/10 17:07:21 | 000,000,000 | ---D | M] -- C:\c3cc05ed6ddae82cb2c62eb6 [2012/11/14 12:58:24 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009/07/14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012/01/06 21:27:18 | 000,000,000 | -HSD | M] -- C:\found.000 [2012/03/01 20:55:42 | 000,000,000 | -HSD | M] -- C:\found.001 [2012/08/16 10:50:53 | 000,000,000 | -HSD | M] -- C:\found.002 [2009/12/05 03:37:27 | 000,000,000 | ---D | M] -- C:\Intel [2010/07/17 10:04:33 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009/07/14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012/11/07 12:22:02 | 000,000,000 | R--D | M] -- C:\Program Files [2012/12/05 11:31:28 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010/07/17 13:58:45 | 000,000,000 | -HSD | M] -- C:\Recovery [2012/12/05 22:11:44 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010/07/17 14:00:00 | 000,000,000 | R--D | M] -- C:\Users [2012/12/05 12:21:16 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2009/07/14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009/07/14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009/07/14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009/07/14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010/11/20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009/07/14 05:53:46 | 000,032,632 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT [2009/07/14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT [2010/07/29 19:20:23 | 000,001,094 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job [2010/07/29 19:20:24 | 000,001,098 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
< %systemroot%\system32\drivers\*.sys /lockedfiles > [2010/07/17 09:59:09 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\windows\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2009/07/14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\FirewallAPI.dll < %USERPROFILE%\*.* > [2012/12/05 22:25:41 | 004,456,448 | -HS- | M] () -- C:\Users\Helena\ntuser.dat [2012/12/05 22:25:41 | 000,262,144 | -HS- | M] () -- C:\Users\Helena\ntuser.dat.LOG1 [2010/07/17 14:00:01 | 000,000,000 | -HS- | M] () -- C:\Users\Helena\ntuser.dat.LOG2 [2010/07/17 14:24:43 | 000,065,536 | -HS- | M] () -- C:\Users\Helena\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2010/07/17 14:24:43 | 000,524,288 | -HS- | M] () -- C:\Users\Helena\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010/07/17 14:24:43 | 000,524,288 | -HS- | M] () -- C:\Users\Helena\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2011/12/07 17:43:53 | 000,065,536 | -HS- | M] () -- C:\Users\Helena\ntuser.dat{9002172b-20f2-11e1-8b24-0024542a88ce}.TM.blf [2011/12/07 17:43:53 
| 000,524,288 | -HS- | M] () -- C:\Users\Helena\ntuser.dat{9002172b-20f2-11e1-8b24-0024542a88ce}.TMContainer00000000000000000001.regtrans-ms [2011/12/07 17:43:53 | 000,524,288 | -HS- | M] () -- C:\Users\Helena\ntuser.dat{9002172b-20f2-11e1-8b24-0024542a88ce}.TMContainer00000000000000000002.regtrans-ms [2010/07/17 14:00:02 | 000,000,020 | -HS- | M] () -- C:\Users\Helena\ntuser.ini [2011/05/31 11:22:52 | 000,013,336 | ---- | M] () -- C:\Users\Helena\Sankt Jakobs Bruderschaft zur.docx [2012/11/15 22:27:59 | 000,306,572 | ---- | M] () -- C:\Users\Helena\unfinished_by_alexaink-d5igsoj.jpg < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > < End of report >
Unfortunately I couldn't find the extra.txt. I'm not much of a computer genius, sadly |
06.12.2012, 17:27 | #4 |
/// Malware-holic | bundespolizei trojaner Hi, a note: I will be on vacation from tomorrow until Wednesday. Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html
• Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - if anything is found, always choose Skip for now, then post the log
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
06.12.2012, 17:48 | #5 |
| bundespolizei trojaner Thanks for your help. Here is the log:
17:44:02.0696 2704 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:44:03.0008 2704 ============================================================
17:44:03.0008 2704 Current date / time: 2012/12/06 17:44:03.0008
17:44:03.0008 2704 SystemInfo:
17:44:03.0008 2704
17:44:03.0008 2704 OS Version: 6.1.7601 ServicePack: 1.0
17:44:03.0008 2704 Product type: Workstation
17:44:03.0008 2704 ComputerName: HELENA-PC
17:44:03.0008 2704 UserName: Helena
17:44:03.0008 2704 Windows directory: C:\windows
17:44:03.0008 2704 System windows directory: C:\windows
17:44:03.0008 2704 Processor architecture: Intel x86
17:44:03.0008 2704 Number of processors: 2
17:44:03.0008 2704 Page size: 0x1000
17:44:03.0008 2704 Boot type: Normal boot
17:44:03.0008 2704 ============================================================
17:44:03.0804 2704 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:44:03.0804 2704 ============================================================
17:44:03.0804 2704 \Device\Harddisk0\DR0:
17:44:03.0804 2704 MBR partitions:
17:44:03.0804 2704 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
17:44:03.0804 2704 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x235FBAB0
17:44:03.0804 2704 ============================================================
17:44:03.0851 2704 C: <-> \Device\Harddisk0\DR0\Partition2
17:44:03.0851 2704 ============================================================
17:44:03.0851 2704 Initialize success
17:44:03.0851 2704 ============================================================
17:44:33.0038 1428 ============================================================
17:44:33.0038 1428 Scan started
17:44:33.0038 1428 Mode: Manual; SigCheck;
17:44:33.0038 1428
============================================================
17:44:34.0021 1428 ================ Scan system memory ========================
17:44:34.0021 1428 System memory - ok
C:\windows\system32\DRIVERS\BrFiltLo.sys 17:44:39.0793 1428 BrFiltLo - ok 17:44:39.0824 1428 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys 17:44:39.0871 1428 BrFiltUp - ok 17:44:39.0902 1428 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\windows\System32\browser.dll 17:44:39.0965 1428 Browser - ok 17:44:40.0199 1428 [ 9FCD0930616714A752F48DDBA54F3109 ] Browser Manager C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe 17:44:40.0417 1428 Browser Manager - ok 17:44:40.0464 1428 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\windows\System32\Drivers\Brserid.sys 17:44:40.0573 1428 Brserid - ok 17:44:40.0589 1428 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys 17:44:40.0636 1428 BrSerWdm - ok 17:44:40.0698 1428 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys 17:44:40.0776 1428 BrUsbMdm - ok 17:44:40.0807 1428 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys 17:44:40.0854 1428 BrUsbSer - ok 17:44:40.0916 1428 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys 17:44:40.0963 1428 BTHMODEM - ok 17:44:41.0026 1428 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\windows\system32\bthserv.dll 17:44:41.0104 1428 bthserv - ok 17:44:41.0119 1428 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys 17:44:41.0182 1428 cdfs - ok 17:44:41.0244 1428 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\windows\system32\drivers\cdrom.sys 17:44:41.0291 1428 cdrom - ok 17:44:41.0369 1428 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\windows\System32\certprop.dll 17:44:41.0416 1428 CertPropSvc - ok 17:44:41.0462 1428 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\windows\system32\DRIVERS\circlass.sys 17:44:41.0509 1428 circlass - ok 17:44:41.0556 1428 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\windows\system32\CLFS.sys 
17:44:41.0572 1428 CLFS - ok 17:44:41.0712 1428 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:44:41.0728 1428 clr_optimization_v2.0.50727_32 - ok 17:44:41.0790 1428 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:44:41.0852 1428 clr_optimization_v4.0.30319_32 - ok 17:44:41.0884 1428 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys 17:44:41.0946 1428 CmBatt - ok 17:44:41.0962 1428 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\windows\system32\drivers\cmdide.sys 17:44:41.0977 1428 cmdide - ok 17:44:42.0071 1428 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\windows\system32\Drivers\cng.sys 17:44:42.0102 1428 CNG - ok 17:44:42.0133 1428 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys 17:44:42.0164 1428 Compbatt - ok 17:44:42.0227 1428 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys 17:44:42.0242 1428 CompositeBus - ok 17:44:42.0258 1428 COMSysApp - ok 17:44:42.0289 1428 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys 17:44:42.0305 1428 crcdisk - ok 17:44:42.0383 1428 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\windows\system32\cryptsvc.dll 17:44:42.0445 1428 CryptSvc - ok 17:44:42.0492 1428 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\windows\system32\rpcss.dll 17:44:42.0523 1428 DcomLaunch - ok 17:44:42.0554 1428 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\windows\System32\defragsvc.dll 17:44:42.0617 1428 defragsvc - ok 17:44:42.0679 1428 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\windows\system32\Drivers\dfsc.sys 17:44:42.0726 1428 DfsC - ok 17:44:42.0788 1428 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\windows\system32\dhcpcore.dll 17:44:42.0898 1428 Dhcp - ok 17:44:42.0929 1428 [ 1A050B0274BFB3890703D490F330C0DA ] discache 
C:\windows\system32\drivers\discache.sys 17:44:42.0976 1428 discache - ok 17:44:43.0054 1428 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\windows\system32\DRIVERS\disk.sys 17:44:43.0085 1428 Disk - ok 17:44:43.0116 1428 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\windows\System32\dnsrslvr.dll 17:44:43.0178 1428 Dnscache - ok 17:44:43.0225 1428 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\windows\System32\dot3svc.dll 17:44:43.0366 1428 dot3svc - ok 17:44:43.0397 1428 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\windows\system32\dps.dll 17:44:43.0459 1428 DPS - ok 17:44:43.0490 1428 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\windows\system32\drivers\drmkaud.sys 17:44:43.0522 1428 drmkaud - ok 17:44:43.0568 1428 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys 17:44:43.0600 1428 DXGKrnl - ok 17:44:43.0678 1428 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\windows\System32\eapsvc.dll 17:44:43.0724 1428 EapHost - ok 17:44:43.0818 1428 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\windows\system32\DRIVERS\evbdx.sys 17:44:43.0927 1428 ebdrv - ok 17:44:43.0974 1428 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\windows\System32\lsass.exe 17:44:44.0021 1428 EFS - ok 17:44:44.0083 1428 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\windows\ehome\ehRecvr.exe 17:44:44.0177 1428 ehRecvr - ok 17:44:44.0208 1428 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\windows\ehome\ehsched.exe 17:44:44.0255 1428 ehSched - ok 17:44:44.0317 1428 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\windows\system32\DRIVERS\elxstor.sys 17:44:44.0333 1428 elxstor - ok 17:44:44.0458 1428 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\windows\system32\drivers\errdev.sys 17:44:44.0504 1428 ErrDev - ok 17:44:44.0551 1428 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\windows\system32\es.dll 17:44:44.0598 1428 EventSystem - ok 17:44:44.0629 1428 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\windows\system32\drivers\exfat.sys 17:44:44.0676 1428 exfat - 
ok 17:44:44.0707 1428 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\windows\system32\drivers\fastfat.sys 17:44:44.0770 1428 fastfat - ok 17:44:44.0832 1428 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\windows\system32\fxssvc.exe 17:44:44.0894 1428 Fax - ok 17:44:44.0910 1428 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\windows\system32\DRIVERS\fdc.sys 17:44:44.0957 1428 fdc - ok 17:44:44.0988 1428 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\windows\system32\fdPHost.dll 17:44:45.0066 1428 fdPHost - ok 17:44:45.0066 1428 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\windows\system32\fdrespub.dll 17:44:45.0128 1428 FDResPub - ok 17:44:45.0144 1428 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\windows\system32\drivers\fileinfo.sys 17:44:45.0175 1428 FileInfo - ok 17:44:45.0191 1428 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\windows\system32\drivers\filetrace.sys 17:44:45.0238 1428 Filetrace - ok 17:44:45.0253 1428 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys 17:44:45.0316 1428 flpydisk - ok 17:44:45.0347 1428 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\windows\system32\drivers\fltmgr.sys 17:44:45.0378 1428 FltMgr - ok 17:44:45.0440 1428 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\windows\system32\FntCache.dll 17:44:45.0534 1428 FontCache - ok 17:44:45.0581 1428 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 17:44:45.0612 1428 FontCache3.0.0.0 - ok 17:44:45.0643 1428 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\windows\system32\drivers\FsDepends.sys 17:44:45.0659 1428 FsDepends - ok 17:44:45.0690 1428 [ B74B0578FD1D3F897E95F2A2B69EA051 ] fssfltr C:\windows\system32\DRIVERS\fssfltr.sys 17:44:45.0706 1428 fssfltr - ok 17:44:45.0815 1428 [ 206AD9A89BF05DFA1621F1FC7B82592D ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe 17:44:45.0908 1428 fsssvc - ok 17:44:46.0018 1428 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] 
Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys 17:44:46.0064 1428 Fs_Rec - ok 17:44:46.0111 1428 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\windows\system32\DRIVERS\fvevol.sys 17:44:46.0142 1428 fvevol - ok 17:44:46.0174 1428 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys 17:44:46.0189 1428 gagp30kx - ok 17:44:46.0688 1428 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\windows\System32\gpsvc.dll 17:44:46.0751 1428 gpsvc - ok 17:44:46.0844 1428 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 17:44:46.0876 1428 gupdate - ok 17:44:46.0922 1428 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 17:44:46.0938 1428 gupdatem - ok 17:44:47.0032 1428 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 17:44:47.0063 1428 gusvc - ok 17:44:47.0094 1428 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys 17:44:47.0156 1428 hcw85cir - ok 17:44:47.0203 1428 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys 17:44:47.0266 1428 HdAudAddService - ok 17:44:47.0297 1428 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys 17:44:47.0328 1428 HDAudBus - ok 17:44:47.0359 1428 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys 17:44:47.0390 1428 HidBatt - ok 17:44:47.0422 1428 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys 17:44:47.0453 1428 HidBth - ok 17:44:47.0484 1428 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\windows\system32\DRIVERS\hidir.sys 17:44:47.0515 1428 HidIr - ok 17:44:47.0562 1428 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\windows\system32\hidserv.dll 17:44:47.0609 1428 hidserv - ok 17:44:47.0671 1428 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys 17:44:47.0702 
1428 HidUsb - ok 17:44:47.0765 1428 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\windows\system32\kmsvc.dll 17:44:47.0812 1428 hkmsvc - ok 17:44:47.0874 1428 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\windows\system32\ListSvc.dll 17:44:47.0999 1428 HomeGroupListener - ok 17:44:48.0092 1428 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\windows\system32\provsvc.dll 17:44:48.0186 1428 HomeGroupProvider - ok 17:44:48.0233 1428 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys 17:44:48.0264 1428 HpSAMD - ok 17:44:48.0326 1428 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\windows\system32\drivers\HTTP.sys 17:44:48.0358 1428 HTTP - ok 17:44:48.0389 1428 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys 17:44:48.0404 1428 hwpolicy - ok 17:44:48.0482 1428 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\windows\system32\drivers\i8042prt.sys 17:44:48.0498 1428 i8042prt - ok 17:44:48.0576 1428 [ 0BAA4115DFFFD6A6D809A89D65E1281A ] iaStor C:\windows\system32\DRIVERS\iaStor.sys 17:44:48.0592 1428 iaStor - ok 17:44:48.0670 1428 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\windows\system32\drivers\iaStorV.sys 17:44:48.0716 1428 iaStorV - ok 17:44:48.0810 1428 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 17:44:48.0935 1428 idsvc - ok 17:44:49.0200 1428 [ DCE0B53570703CCE580D066F89EF58CD ] igfx C:\windows\system32\DRIVERS\igdkmd32.sys 17:44:49.0684 1428 igfx - ok 17:44:49.0746 1428 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys 17:44:49.0762 1428 iirsp - ok 17:44:49.0840 1428 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\windows\System32\ikeext.dll 17:44:49.0902 1428 IKEEXT - ok 17:44:50.0058 1428 [ 3202E26501E5E18C35DC2CC74709A704 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys 17:44:50.0120 1428 IntcAzAudAddService - ok 17:44:50.0198 1428 [ 
264632ADE8127B7BAA2190CF6FAD435B ] IntcHdmiAddService C:\windows\system32\drivers\IntcHdmi.sys 17:44:50.0245 1428 IntcHdmiAddService - ok 17:44:50.0276 1428 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\windows\system32\drivers\intelide.sys 17:44:50.0323 1428 intelide - ok 17:44:50.0432 1428 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys 17:44:50.0479 1428 intelppm - ok 17:44:50.0604 1428 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\windows\system32\ipbusenum.dll 17:44:50.0698 1428 IPBusEnum - ok 17:44:50.0729 1428 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys 17:44:50.0791 1428 IpFilterDriver - ok 17:44:50.0854 1428 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\windows\System32\iphlpsvc.dll 17:44:50.0916 1428 iphlpsvc - ok 17:44:50.0947 1428 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys 17:44:51.0025 1428 IPMIDRV - ok 17:44:51.0041 1428 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\windows\system32\drivers\ipnat.sys 17:44:51.0103 1428 IPNAT - ok 17:44:51.0119 1428 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\windows\system32\drivers\irenum.sys 17:44:51.0197 1428 IRENUM - ok 17:44:51.0228 1428 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\windows\system32\drivers\isapnp.sys 17:44:51.0259 1428 isapnp - ok 17:44:51.0322 1428 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys 17:44:51.0400 1428 iScsiPrt - ok 17:44:51.0524 1428 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\windows\system32\drivers\kbdclass.sys 17:44:51.0618 1428 kbdclass - ok 17:44:51.0680 1428 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\windows\system32\drivers\kbdhid.sys 17:44:51.0743 1428 kbdhid - ok 17:44:51.0758 1428 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\windows\system32\lsass.exe 17:44:51.0774 1428 KeyIso - ok 17:44:51.0852 1428 [ 4635935FC972C582632BF45C26BFCB0E ] KMService C:\windows\system32\srvany.exe 
17:44:51.0899 1428 KMService ( UnsignedFile.Multi.Generic ) - warning 17:44:51.0899 1428 KMService - detected UnsignedFile.Multi.Generic (1) 17:44:51.0930 1428 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys 17:44:51.0961 1428 KSecDD - ok 17:44:51.0977 1428 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys 17:44:52.0008 1428 KSecPkg - ok 17:44:52.0055 1428 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\windows\system32\msdtckrm.dll 17:44:52.0133 1428 KtmRm - ok 17:44:52.0164 1428 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\windows\system32\srvsvc.dll 17:44:52.0242 1428 LanmanServer - ok 17:44:52.0289 1428 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\windows\System32\wkssvc.dll 17:44:52.0336 1428 LanmanWorkstation - ok 17:44:52.0414 1428 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys 17:44:52.0460 1428 lltdio - ok 17:44:52.0492 1428 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\windows\System32\lltdsvc.dll 17:44:52.0570 1428 lltdsvc - ok 17:44:52.0679 1428 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\windows\System32\lmhsvc.dll 17:44:52.0772 1428 lmhosts - ok 17:44:52.0804 1428 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys 17:44:52.0882 1428 LSI_FC - ok 17:44:52.0913 1428 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys 17:44:52.0944 1428 LSI_SAS - ok 17:44:52.0960 1428 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys 17:44:52.0975 1428 LSI_SAS2 - ok 17:44:52.0991 1428 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys 17:44:53.0022 1428 LSI_SCSI - ok 17:44:53.0053 1428 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\windows\system32\drivers\luafv.sys 17:44:53.0131 1428 luafv - ok 17:44:53.0225 1428 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\windows\system32\drivers\mbam.sys 
17:44:53.0240 1428 MBAMProtector - ok 17:44:53.0396 1428 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 17:44:53.0443 1428 MBAMScheduler - ok 17:44:53.0537 1428 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 17:44:53.0568 1428 MBAMService - ok 17:44:53.0662 1428 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll 17:44:53.0693 1428 Mcx2Svc - ok 17:44:53.0724 1428 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\windows\system32\DRIVERS\megasas.sys 17:44:53.0740 1428 megasas - ok 17:44:53.0771 1428 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys 17:44:53.0818 1428 MegaSR - ok 17:44:53.0942 1428 Microsoft SharePoint Workspace Audit Service - ok 17:44:54.0005 1428 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\windows\system32\mmcss.dll 17:44:54.0067 1428 MMCSS - ok 17:44:54.0114 1428 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\windows\system32\drivers\modem.sys 17:44:54.0176 1428 Modem - ok 17:44:54.0208 1428 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\windows\system32\DRIVERS\monitor.sys 17:44:54.0239 1428 monitor - ok 17:44:54.0286 1428 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys 17:44:54.0301 1428 mouclass - ok 17:44:54.0348 1428 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\windows\system32\DRIVERS\mouhid.sys 17:44:54.0379 1428 mouhid - ok 17:44:54.0457 1428 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\windows\system32\drivers\mountmgr.sys 17:44:54.0473 1428 mountmgr - ok 17:44:54.0582 1428 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 17:44:54.0598 1428 MozillaMaintenance - ok 17:44:54.0660 1428 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\windows\system32\drivers\mpio.sys 17:44:54.0691 1428 mpio - ok 17:44:54.0722 1428 [ 
AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 17:44:54.0785 1428 mpsdrv - ok 17:44:54.0816 1428 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\windows\system32\mpssvc.dll 17:44:54.0878 1428 MpsSvc - ok 17:44:54.0925 1428 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 17:44:54.0956 1428 MRxDAV - ok 17:44:55.0003 1428 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 17:44:55.0050 1428 mrxsmb - ok 17:44:55.0081 1428 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 17:44:55.0144 1428 mrxsmb10 - ok 17:44:55.0175 1428 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 17:44:55.0206 1428 mrxsmb20 - ok 17:44:55.0237 1428 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\windows\system32\drivers\msahci.sys 17:44:55.0268 1428 msahci - ok 17:44:55.0300 1428 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\windows\system32\drivers\msdsm.sys 17:44:55.0331 1428 msdsm - ok 17:44:55.0362 1428 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\windows\System32\msdtc.exe 17:44:55.0393 1428 MSDTC - ok 17:44:55.0456 1428 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\windows\system32\drivers\Msfs.sys 17:44:55.0502 1428 Msfs - ok 17:44:55.0518 1428 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 17:44:55.0580 1428 mshidkmdf - ok 17:44:55.0612 1428 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\windows\system32\drivers\msisadrv.sys 17:44:55.0643 1428 msisadrv - ok 17:44:55.0690 1428 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\windows\system32\iscsiexe.dll 17:44:55.0752 1428 MSiSCSI - ok 17:44:55.0752 1428 msiserver - ok 17:44:55.0783 1428 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys 17:44:55.0846 1428 MSKSSRV - ok 17:44:55.0877 1428 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 17:44:55.0939 1428 
MSPCLOCK - ok 17:44:55.0955 1428 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\windows\system32\drivers\MSPQM.sys 17:44:55.0986 1428 MSPQM - ok 17:44:56.0002 1428 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\windows\system32\drivers\MsRPC.sys 17:44:56.0048 1428 MsRPC - ok 17:44:56.0158 1428 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\windows\system32\drivers\mssmbios.sys 17:44:56.0173 1428 mssmbios - ok 17:44:56.0236 1428 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\windows\system32\drivers\MSTEE.sys 17:44:56.0267 1428 MSTEE - ok 17:44:56.0298 1428 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys 17:44:56.0407 1428 MTConfig - ok 17:44:56.0423 1428 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\windows\system32\Drivers\mup.sys 17:44:56.0454 1428 Mup - ok 17:44:56.0501 1428 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\windows\system32\qagentRT.dll 17:44:56.0657 1428 napagent - ok 17:44:56.0704 1428 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 17:44:56.0828 1428 NativeWifiP - ok 17:44:56.0875 1428 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\windows\system32\drivers\ndis.sys 17:44:56.0906 1428 NDIS - ok 17:44:56.0922 1428 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 17:44:56.0984 1428 NdisCap - ok 17:44:57.0016 1428 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 17:44:57.0062 1428 NdisTapi - ok 17:44:57.0140 1428 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 17:44:57.0187 1428 Ndisuio - ok 17:44:57.0250 1428 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 17:44:57.0328 1428 NdisWan - ok 17:44:57.0343 1428 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\windows\system32\drivers\NDProxy.sys 17:44:57.0406 1428 NDProxy - ok 17:44:57.0452 1428 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 
17:44:57.0562 1428 NetBIOS - ok 17:44:57.0608 1428 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\windows\system32\DRIVERS\netbt.sys 17:44:57.0655 1428 NetBT - ok 17:44:57.0671 1428 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\windows\system32\lsass.exe 17:44:57.0702 1428 Netlogon - ok 17:44:57.0733 1428 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\windows\System32\netman.dll 17:44:57.0811 1428 Netman - ok 17:44:57.0842 1428 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\windows\System32\netprofm.dll 17:44:57.0920 1428 netprofm - ok 17:44:57.0952 1428 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 17:44:57.0983 1428 NetTcpPortSharing - ok 17:44:58.0030 1428 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys 17:44:58.0061 1428 nfrd960 - ok 17:44:58.0092 1428 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\windows\System32\nlasvc.dll 17:44:58.0186 1428 NlaSvc - ok 17:44:58.0295 1428 [ 712BC0C22BA00B2BA324C6B8DF668EE7 ] nmwcd C:\windows\system32\drivers\ccdcmb.sys 17:44:58.0388 1428 nmwcd - ok 17:44:58.0420 1428 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\windows\system32\drivers\Npfs.sys 17:44:58.0529 1428 Npfs - ok 17:44:58.0560 1428 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\windows\system32\nsisvc.dll 17:44:58.0622 1428 nsi - ok 17:44:58.0654 1428 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 17:44:58.0700 1428 nsiproxy - ok 17:44:58.0778 1428 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\windows\system32\drivers\Ntfs.sys 17:44:58.0903 1428 Ntfs - ok 17:44:58.0934 1428 [ F9756A98D69098DCA8945D62858A812C ] Null C:\windows\system32\drivers\Null.sys 17:44:58.0981 1428 Null - ok 17:44:59.0028 1428 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\windows\system32\drivers\nvraid.sys 17:44:59.0059 1428 nvraid - ok 17:44:59.0106 1428 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor 
C:\windows\system32\drivers\nvstor.sys 17:44:59.0168 1428 nvstor - ok 17:44:59.0184 1428 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\windows\system32\drivers\nv_agp.sys 17:44:59.0278 1428 nv_agp - ok 17:44:59.0340 1428 [ B5D5DA8230D3D3525839D939A9196C3E ] OberonGameConsoleService C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe 17:44:59.0356 1428 OberonGameConsoleService - ok 17:44:59.0434 1428 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\windows\system32\drivers\ohci1394.sys 17:44:59.0480 1428 ohci1394 - ok 17:44:59.0558 1428 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 17:44:59.0590 1428 ose - ok 17:44:59.0808 1428 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 17:45:00.0120 1428 osppsvc - ok 17:45:00.0167 1428 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\windows\system32\pnrpsvc.dll 17:45:00.0245 1428 p2pimsvc - ok 17:45:00.0292 1428 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\windows\system32\p2psvc.dll 17:45:00.0338 1428 p2psvc - ok 17:45:00.0370 1428 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\windows\system32\DRIVERS\parport.sys 17:45:00.0401 1428 Parport - ok 17:45:00.0432 1428 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\windows\system32\drivers\partmgr.sys 17:45:00.0463 1428 partmgr - ok 17:45:00.0479 1428 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\windows\system32\DRIVERS\parvdm.sys 17:45:00.0510 1428 Parvdm - ok 17:45:00.0541 1428 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\windows\System32\pcasvc.dll 17:45:00.0557 1428 PcaSvc - ok 17:45:00.0588 1428 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\windows\system32\drivers\pci.sys 17:45:00.0713 1428 pci - ok 17:45:00.0713 1428 Scan interrupted by user! 17:45:00.0713 1428 ================ Scan global =============================== 17:45:00.0713 1428 Scan interrupted by user! 
17:45:00.0713 1428 ================ Scan MBR ================================== 17:45:00.0713 1428 Scan interrupted by user! 17:45:00.0713 1428 ================ Scan VBR ================================== 17:45:00.0713 1428 Scan interrupted by user! 17:45:00.0713 1428 ============================================================ 17:45:00.0713 1428 Scan finished 17:45:00.0713 1428 ============================================================ 17:45:00.0728 3572 Detected object count: 1 17:45:00.0728 3572 Actual detected object count: 1 17:45:09.0293 3572 KMService ( UnsignedFile.Multi.Generic ) - skipped by user 17:45:09.0293 3572 KMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:45:16.0079 1504 ============================================================ 17:45:16.0079 1504 Scan started 17:45:16.0079 1504 Mode: Manual; SigCheck; TDLFS; 17:45:16.0079 1504 ============================================================ 17:45:16.0360 1504 ================ Scan system memory ======================== 17:45:16.0360 1504 System memory - ok 17:45:16.0375 1504 ================ Scan services ============================= 17:45:16.0672 1504 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys 17:45:16.0703 1504 1394ohci - ok 17:45:16.0750 1504 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\windows\system32\drivers\ACPI.sys 17:45:16.0781 1504 ACPI - ok 17:45:16.0874 1504 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys 17:45:16.0890 1504 AcpiPmi - ok 17:45:16.0921 1504 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys 17:45:16.0952 1504 adp94xx - ok 17:45:16.0984 1504 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys 17:45:16.0999 1504 adpahci - ok 17:45:17.0030 1504 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys 17:45:17.0062 1504 adpu320 - ok 17:45:17.0202 1504 [ 
17:45:29.0822 1504 [ 4635935FC972C582632BF45C26BFCB0E ] KMService C:\windows\system32\srvany.exe
17:45:29.0822 1504 KMService ( UnsignedFile.Multi.Generic ) - warning
17:45:29.0822 1504 KMService - detected UnsignedFile.Multi.Generic (1)
17:45:43.0192 1504 SNMPTRAP - ok 17:45:43.0207 1504 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\windows\system32\drivers\spldr.sys 17:45:43.0239 1504 spldr - ok 17:45:43.0285 1504 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\windows\System32\spoolsv.exe 17:45:43.0348 1504 Spooler - ok 17:45:43.0473 1504 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\windows\system32\sppsvc.exe 17:45:43.0535 1504 sppsvc - ok 17:45:43.0597 1504 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\windows\system32\sppuinotify.dll 17:45:43.0691 1504 sppuinotify - ok 17:45:43.0785 1504 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\windows\system32\Drivers\sptd.sys 17:45:43.0785 1504 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505 17:45:43.0785 1504 sptd ( LockedFile.Multi.Generic ) - warning 17:45:43.0785 1504 sptd - detected LockedFile.Multi.Generic (1) 17:45:43.0831 1504 [ 8831252BCF05FCFB5ABD116A22E552D8 ] sp_rsdrv2 C:\windows\system32\drivers\sp_rsdrv2.sys 17:45:43.0863 1504 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - warning 17:45:43.0863 1504 sp_rsdrv2 - detected UnsignedFile.Multi.Generic (1) 17:45:43.0925 1504 [ 642180B8F50E7FC1FBAF87C718E259D6 ] sp_rssrv C:\Program Files\Spyware Terminator\sp_rsser.exe 17:45:43.0956 1504 sp_rssrv ( UnsignedFile.Multi.Generic ) - warning 17:45:43.0956 1504 sp_rssrv - detected UnsignedFile.Multi.Generic (1) 17:45:44.0003 1504 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\windows\system32\DRIVERS\srv.sys 17:45:44.0050 1504 srv - ok 17:45:44.0081 1504 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\windows\system32\DRIVERS\srv2.sys 17:45:44.0112 1504 srv2 - ok 17:45:44.0143 1504 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 17:45:44.0175 1504 srvnet - ok 17:45:44.0221 1504 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\windows\System32\ssdpsrv.dll 17:45:44.0253 1504 SSDPSRV - ok 17:45:44.0284 1504 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv 
C:\windows\system32\DRIVERS\ssmdrv.sys 17:45:44.0315 1504 ssmdrv - ok 17:45:44.0331 1504 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\windows\system32\sstpsvc.dll 17:45:44.0377 1504 SstpSvc - ok 17:45:44.0424 1504 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\windows\system32\DRIVERS\stexstor.sys 17:45:44.0455 1504 stexstor - ok 17:45:44.0518 1504 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\windows\System32\wiaservc.dll 17:45:44.0549 1504 StiSvc - ok 17:45:44.0596 1504 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\windows\system32\drivers\swenum.sys 17:45:44.0611 1504 swenum - ok 17:45:44.0736 1504 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 17:45:44.0783 1504 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning 17:45:44.0783 1504 SwitchBoard - detected UnsignedFile.Multi.Generic (1) 17:45:44.0830 1504 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\windows\System32\swprv.dll 17:45:44.0892 1504 swprv - ok 17:45:44.0939 1504 [ 215A45246C6E2D0A9C263CE1786C8D8A ] SynTP C:\windows\system32\DRIVERS\SynTP.sys 17:45:44.0986 1504 SynTP - ok 17:45:45.0033 1504 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\windows\system32\sysmain.dll 17:45:45.0095 1504 SysMain - ok 17:45:45.0142 1504 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll 17:45:45.0189 1504 TabletInputService - ok 17:45:45.0220 1504 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\windows\System32\tapisrv.dll 17:45:45.0298 1504 TapiSrv - ok 17:45:45.0345 1504 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\windows\System32\tbssvc.dll 17:45:45.0391 1504 TBS - ok 17:45:45.0547 1504 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\windows\system32\drivers\tcpip.sys 17:45:45.0688 1504 Tcpip - ok 17:45:45.0719 1504 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys 17:45:45.0750 1504 TCPIP6 - ok 17:45:45.0797 1504 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg 
C:\windows\system32\drivers\tcpipreg.sys 17:45:45.0844 1504 tcpipreg - ok 17:45:45.0875 1504 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\windows\system32\drivers\tdpipe.sys 17:45:45.0922 1504 TDPIPE - ok 17:45:45.0969 1504 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys 17:45:46.0015 1504 TDTCP - ok 17:45:46.0062 1504 [ B459575348C20E8121D6039DA063C704 ] tdx C:\windows\system32\DRIVERS\tdx.sys 17:45:46.0109 1504 tdx - ok 17:45:46.0156 1504 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\windows\system32\drivers\termdd.sys 17:45:46.0171 1504 TermDD - ok 17:45:46.0218 1504 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\windows\System32\termsrv.dll 17:45:46.0265 1504 TermService - ok 17:45:46.0296 1504 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\windows\system32\themeservice.dll 17:45:46.0343 1504 Themes - ok 17:45:46.0374 1504 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\windows\system32\mmcss.dll 17:45:46.0405 1504 THREADORDER - ok 17:45:46.0437 1504 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\windows\System32\trkwks.dll 17:45:46.0499 1504 TrkWks - ok 17:45:46.0577 1504 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 17:45:46.0624 1504 TrustedInstaller - ok 17:45:46.0671 1504 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys 17:45:46.0717 1504 tssecsrv - ok 17:45:46.0795 1504 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys 17:45:46.0827 1504 TsUsbFlt - ok 17:45:46.0889 1504 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\windows\system32\DRIVERS\tunnel.sys 17:45:46.0920 1504 tunnel - ok 17:45:46.0951 1504 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys 17:45:46.0983 1504 uagp35 - ok 17:45:47.0029 1504 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\windows\system32\DRIVERS\udfs.sys 17:45:47.0092 1504 udfs - ok 17:45:47.0139 1504 [ 
8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\windows\system32\UI0Detect.exe 17:45:47.0185 1504 UI0Detect - ok 17:45:47.0217 1504 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys 17:45:47.0248 1504 uliagpkx - ok 17:45:47.0326 1504 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\windows\system32\drivers\umbus.sys 17:45:47.0373 1504 umbus - ok 17:45:47.0404 1504 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\windows\system32\DRIVERS\umpass.sys 17:45:47.0451 1504 UmPass - ok 17:45:47.0482 1504 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\windows\System32\upnphost.dll 17:45:47.0544 1504 upnphost - ok 17:45:47.0669 1504 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\windows\system32\drivers\usbaudio.sys 17:45:47.0716 1504 usbaudio - ok 17:45:47.0747 1504 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys 17:45:47.0794 1504 usbccgp - ok 17:45:47.0809 1504 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\windows\system32\drivers\usbcir.sys 17:45:47.0872 1504 usbcir - ok 17:45:47.0903 1504 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys 17:45:47.0934 1504 usbehci - ok 17:45:47.0965 1504 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys 17:45:48.0012 1504 usbhub - ok 17:45:48.0043 1504 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\windows\system32\drivers\usbohci.sys 17:45:48.0059 1504 usbohci - ok 17:45:48.0106 1504 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys 17:45:48.0153 1504 usbprint - ok 17:45:48.0168 1504 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS 17:45:48.0215 1504 USBSTOR - ok 17:45:48.0246 1504 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys 17:45:48.0277 1504 usbuhci - ok 17:45:48.0340 1504 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys 17:45:48.0402 1504 
usbvideo - ok 17:45:48.0449 1504 [ D82F43D15FDAA666856C0190CB73E7C9 ] usb_rndisx C:\windows\system32\drivers\usb8023x.sys 17:45:48.0511 1504 usb_rndisx - ok 17:45:48.0543 1504 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\windows\System32\uxsms.dll 17:45:48.0574 1504 UxSms - ok 17:45:48.0605 1504 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\windows\system32\lsass.exe 17:45:48.0621 1504 VaultSvc - ok 17:45:48.0683 1504 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys 17:45:48.0714 1504 vdrvroot - ok 17:45:48.0761 1504 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\windows\System32\vds.exe 17:45:48.0839 1504 vds - ok 17:45:48.0870 1504 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\windows\system32\DRIVERS\vgapnp.sys 17:45:48.0901 1504 vga - ok 17:45:48.0917 1504 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\windows\System32\drivers\vga.sys 17:45:48.0979 1504 VgaSave - ok 17:45:49.0011 1504 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\windows\system32\drivers\vhdmp.sys 17:45:49.0042 1504 vhdmp - ok 17:45:49.0135 1504 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\windows\system32\drivers\viaagp.sys 17:45:49.0182 1504 viaagp - ok 17:45:49.0229 1504 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\windows\system32\DRIVERS\viac7.sys 17:45:49.0276 1504 ViaC7 - ok 17:45:49.0323 1504 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\windows\system32\drivers\viaide.sys 17:45:49.0354 1504 viaide - ok 17:45:49.0447 1504 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\windows\system32\drivers\volmgr.sys 17:45:49.0572 1504 volmgr - ok 17:45:49.0603 1504 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\windows\system32\drivers\volmgrx.sys 17:45:49.0619 1504 volmgrx - ok 17:45:49.0681 1504 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\windows\system32\drivers\volsnap.sys 17:45:49.0728 1504 volsnap - ok 17:45:49.0759 1504 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys 17:45:49.0791 1504 vsmraid - ok 
17:45:49.0853 1504 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\windows\system32\vssvc.exe 17:45:49.0962 1504 VSS - ok 17:45:49.0993 1504 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys 17:45:50.0025 1504 vwifibus - ok 17:45:50.0056 1504 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys 17:45:50.0103 1504 vwififlt - ok 17:45:50.0134 1504 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\windows\system32\w32time.dll 17:45:50.0181 1504 W32Time - ok 17:45:50.0243 1504 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys 17:45:50.0274 1504 WacomPen - ok 17:45:50.0337 1504 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\windows\system32\DRIVERS\wanarp.sys 17:45:50.0571 1504 WANARP - ok 17:45:50.0633 1504 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 17:45:50.0664 1504 Wanarpv6 - ok 17:45:50.0773 1504 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe 17:45:50.0914 1504 WatAdminSvc - ok 17:45:50.0992 1504 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\windows\system32\wbengine.exe 17:45:51.0117 1504 wbengine - ok 17:45:51.0163 1504 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\windows\System32\wbiosrvc.dll 17:45:51.0210 1504 WbioSrvc - ok 17:45:51.0273 1504 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\windows\System32\wcncsvc.dll 17:45:51.0335 1504 wcncsvc - ok 17:45:51.0366 1504 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 17:45:51.0413 1504 WcsPlugInService - ok 17:45:51.0444 1504 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\windows\system32\DRIVERS\wd.sys 17:45:51.0475 1504 Wd - ok 17:45:51.0538 1504 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 17:45:51.0585 1504 Wdf01000 - ok 17:45:51.0600 1504 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\windows\system32\wdi.dll 17:45:51.0678 1504 
WdiServiceHost - ok 17:45:51.0694 1504 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\windows\system32\wdi.dll 17:45:51.0725 1504 WdiSystemHost - ok 17:45:51.0772 1504 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\windows\System32\webclnt.dll 17:45:51.0834 1504 WebClient - ok 17:45:51.0865 1504 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\windows\system32\wecsvc.dll 17:45:51.0897 1504 Wecsvc - ok 17:45:51.0928 1504 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\windows\System32\wercplsupport.dll 17:45:51.0959 1504 wercplsupport - ok 17:45:52.0006 1504 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\windows\System32\WerSvc.dll 17:45:52.0053 1504 WerSvc - ok 17:45:52.0099 1504 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys 17:45:52.0162 1504 WfpLwf - ok 17:45:52.0209 1504 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\windows\system32\drivers\wimmount.sys 17:45:52.0224 1504 WIMMount - ok 17:45:52.0302 1504 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 17:45:52.0365 1504 WinDefend - ok 17:45:52.0380 1504 WinHttpAutoProxySvc - ok 17:45:52.0458 1504 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 17:45:52.0505 1504 Winmgmt - ok 17:45:52.0583 1504 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\windows\system32\WsmSvc.dll 17:45:52.0677 1504 WinRM - ok 17:45:52.0770 1504 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys 17:45:52.0801 1504 WinUsb - ok 17:45:52.0848 1504 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\windows\System32\wlansvc.dll 17:45:52.0895 1504 Wlansvc - ok 17:45:52.0942 1504 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys 17:45:52.0989 1504 WmiAcpi - ok 17:45:53.0051 1504 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 17:45:53.0113 1504 wmiApSrv - ok 17:45:53.0223 1504 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] 
WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 17:45:53.0269 1504 WMPNetworkSvc - ok 17:45:53.0301 1504 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\windows\System32\wpcsvc.dll 17:45:53.0332 1504 WPCSvc - ok 17:45:53.0363 1504 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 17:45:53.0394 1504 WPDBusEnum - ok 17:45:53.0441 1504 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 17:45:53.0488 1504 ws2ifsl - ok 17:45:53.0519 1504 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\windows\System32\wscsvc.dll 17:45:53.0535 1504 wscsvc - ok 17:45:53.0550 1504 WSearch - ok 17:45:53.0691 1504 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\windows\system32\wuaueng.dll 17:45:53.0737 1504 wuauserv - ok 17:45:53.0784 1504 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\windows\system32\drivers\WudfPf.sys 17:45:53.0815 1504 WudfPf - ok 17:45:53.0847 1504 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys 17:45:53.0878 1504 WUDFRd - ok 17:45:53.0925 1504 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\windows\System32\WUDFSvc.dll 17:45:53.0940 1504 wudfsvc - ok 17:45:53.0971 1504 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\windows\System32\wwansvc.dll 17:45:54.0034 1504 WwanSvc - ok 17:45:54.0081 1504 [ 30B73EB97218A16CBC6DE535782A1B35 ] yukonw7 C:\windows\system32\DRIVERS\yk62x86.sys 17:45:54.0143 1504 yukonw7 - ok 17:45:54.0190 1504 ================ Scan global =============================== 17:45:54.0237 1504 [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll 17:45:54.0283 1504 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\windows\system32\winsrv.dll 17:45:54.0299 1504 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\windows\system32\winsrv.dll 17:45:54.0330 1504 [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll 17:45:54.0361 1504 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe 17:45:54.0377 1504 [Global] - ok 
17:45:54.0377 1504 ================ Scan MBR ==================================
17:45:54.0393 1504 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
17:45:55.0063 1504 \Device\Harddisk0\DR0 - ok
17:45:55.0079 1504 ================ Scan VBR ==================================
17:45:55.0079 1504 [ 80F1F6505F4F7557F37C3705680228DC ] \Device\Harddisk0\DR0\Partition1
17:45:55.0079 1504 \Device\Harddisk0\DR0\Partition1 - ok
17:45:55.0126 1504 [ 286C04681AF3147FD0DE6706A9BFC56C ] \Device\Harddisk0\DR0\Partition2
17:45:55.0126 1504 \Device\Harddisk0\DR0\Partition2 - ok
17:45:55.0126 1504 ============================================================
17:45:55.0126 1504 Scan finished
17:45:55.0126 1504 ============================================================
17:45:55.0141 0360 Detected object count: 5
17:45:55.0141 0360 Actual detected object count: 5
17:46:24.0235 0360 KMService ( UnsignedFile.Multi.Generic ) - skipped by user
17:46:24.0235 0360 KMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:46:24.0251 0360 sptd ( LockedFile.Multi.Generic ) - skipped by user
17:46:24.0251 0360 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
17:46:24.0251 0360 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - skipped by user
17:46:24.0251 0360 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:46:24.0251 0360 sp_rssrv ( UnsignedFile.Multi.Generic ) - skipped by user
17:46:24.0251 0360 sp_rssrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:46:24.0251 0360 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
17:46:24.0251 0360 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip |
06.12.2012, 20:57 | #6 | |
/// Malware-holic | Bundespolizei trojan Hi, Combofix: Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ --> Bundespolizei trojan |
06.12.2012, 21:53 | #7 |
| Bundespolizei trojan Here is the file. |
06.12.2012, 22:20 | #8 |
/// Malware-holic | Bundespolizei trojan Please update Malwarebytes via the Update tab, run a full scan, delete the findings, post the log
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
06.12.2012, 22:39 | #9 |
| Bundespolizei trojan Thanks, Markus. The scan is running... Have a nice vacation, in case we don't hear from each other again. |
06.12.2012, 22:40 | #10 |
/// Malware-holic | Bundespolizei trojan Thank you.
|
06.12.2012, 23:57 | #11 |
| Bundespolizei trojan Here is the file. |
13.12.2012, 19:30 | #12 |
/// Malware-holic | Bundespolizei trojan Hi, did you have the finding deleted? To be on the safe side: open Malwarebytes, update, full scan, delete the finding(s), post the log. After that: download CCleaner Standard: CCleaner Download - CCleaner 3.25.1872. If CCleaner is already installed, skip this. Install, open, Extras, list of installed programs, save as txt. Open it. After each program you need, write "necessary". After each one you do not need, "unnecessary". After ones unknown to you, "unknown". Post the list.
|