Pests of all kinds and how to fight them: Removing www.Startfenster.com (Windows 7)
Hello, I downloaded the VLC player (I no longer know exactly where from) but did not know that several downloads exist. Now I have the problem that every time I open Google Chrome, Startfenster comes up as the start page. I have already set my old start page back in the settings, but that does not work. (In Chrome at least; in iexplorer it no longer appears.) I have read that this can be/is/could be a trojan. I ran my antivirus program (Norton) over it, but it found nothing... So my questions are: Is this a trojan or just something else small and persistent? And how do I get rid of it? What exactly should I do? Thanks in advance.
My name is Matthias and I will help you clean up your computer. Please note the following:
Step 1: Please download OTL by OldTimer and save it to your desktop (if you do not already have it).
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
Step 2: Please download defogger by jpshortstuff to your desktop.
Step 3: Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons under any circumstances unless instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If that fails again, please let me know.
Step 4: Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
In your next reply, please post
Thanks for wanting to help me.
The OTL log is too long for the post and too large for the attachment. What should I do? Here is the rest for now: Extras:
defogger_disable by jpshortstuff (
Log created at 20:55 on 06/12/2012 (Russell)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

avast! Antirootkit funktioniert nicht mehr
Das Programm wird aufgrund eines Problems nicht richtig ausgeführt. Das Programm wird geschlossen und Sie werden benachrichtigt wenn eine Lösung verfügbar ist.
Hi, you can also zip the OTL.txt and add it as an attachment. If aswMBR does not work, then please continue with TDSS Killer.
OK, the OTL is now included in a .zip archive. Here is TDSSKiller.
C:\WINDOWS\system32\drivers\arcsas.sys 17:29:31.0588 5896 arcsas - ok 17:29:31.0595 5896 [ 74DBAEC35366C4EE7670428808715A6A ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 17:29:31.0596 5896 AsyncMac - ok 17:29:31.0612 5896 [ A721FF570C2387E383BDDEA9632863C9 ] atapi C:\WINDOWS\system32\drivers\atapi.sys 17:29:31.0612 5896 atapi - ok 17:29:31.0681 5896 [ DECE3E2832F125A41A02FB59F4C54EEA ] athr C:\WINDOWS\system32\DRIVERS\athrx.sys 17:29:31.0703 5896 athr - ok 17:29:31.0719 5896 [ 832DAE6F2C29CBA8573D99B9746FB2AD ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll 17:29:31.0720 5896 AudioEndpointBuilder - ok 17:29:31.0734 5896 [ 14497E7A0F6E2BF952E20ACA64F7FB78 ] Audiosrv C:\WINDOWS\System32\Audiosrv.dll 17:29:31.0738 5896 Audiosrv - ok 17:29:31.0760 5896 [ 89491EF71D5EA011127832C588002853 ] AxInstSV C:\WINDOWS\System32\AxInstSV.dll 17:29:31.0761 5896 AxInstSV - ok 17:29:31.0789 5896 [ 87AB5BB072A3F128541D5B815F82FFDD ] b06bdrv C:\WINDOWS\system32\drivers\bxvbda.sys 17:29:31.0792 5896 b06bdrv - ok 17:29:31.0813 5896 [ 81703BC5D68DEDBB086C2368FBE7B334 ] BasicDisplay C:\WINDOWS\System32\drivers\BasicDisplay.sys 17:29:31.0814 5896 BasicDisplay - ok 17:29:31.0820 5896 [ 5EC68164E14D25675C98BBB5F09E8606 ] BasicRender C:\WINDOWS\System32\drivers\BasicRender.sys 17:29:31.0820 5896 BasicRender - ok 17:29:31.0847 5896 [ 89143A7BA7850F5C7E61B43BB44B6418 ] BDESVC C:\WINDOWS\System32\bdesvc.dll 17:29:31.0849 5896 BDESVC - ok 17:29:31.0865 5896 [ 9E7AEA59776D904607985AFFE7E5E183 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 17:29:31.0866 5896 Beep - ok 17:29:31.0883 5896 [ 407F85D5387EDBB665A7969DF4D4712B ] BFE C:\WINDOWS\System32\bfe.dll 17:29:31.0887 5896 BFE - ok 17:29:32.0014 5896 [ ED97ADAF00A61F57A2CCBBB1CE58C600 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20121130.005\BHDrvx64.sys 17:29:32.0027 5896 BHDrvx64 - ok 17:29:32.0059 5896 [ D598C44A7072D3108D8D8102EC5E07F7 ] BITS 
C:\WINDOWS\System32\qmgr.dll 17:29:32.0135 5896 BITS - ok 17:29:32.0183 5896 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 17:29:32.0188 5896 Bonjour Service - ok 17:29:32.0199 5896 [ B17AC10B47C7FCB44D22A1F06415840E ] bowser C:\WINDOWS\system32\DRIVERS\bowser.sys 17:29:32.0201 5896 bowser - ok 17:29:32.0228 5896 [ 975398A3D2C1FEA73FC93931978DF354 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll 17:29:32.0230 5896 BrokerInfrastructure - ok 17:29:32.0240 5896 [ 310068BDA80B1D55C36580FD8A873FAF ] Browser C:\WINDOWS\System32\browser.dll 17:29:32.0242 5896 Browser - ok 17:29:32.0320 5896 [ FC79BE6D8FBC8699E9980F657D281BE9 ] BthAvrcpTg C:\WINDOWS\System32\drivers\BthAvrcpTg.sys 17:29:32.0321 5896 BthAvrcpTg - ok 17:29:32.0346 5896 [ 616EB8748C988AEE98D93DA141C3D3B4 ] BthHFEnum C:\WINDOWS\System32\drivers\bthhfenum.sys 17:29:32.0348 5896 BthHFEnum - ok 17:29:32.0362 5896 [ 6F7368071FCDDB96C0527A6E5D7C1906 ] bthhfhid C:\WINDOWS\System32\drivers\BthHFHid.sys 17:29:32.0363 5896 bthhfhid - ok 17:29:32.0373 5896 [ 033916CE8784A848B9A3D686B7F66D97 ] BTHMODEM C:\WINDOWS\System32\drivers\bthmodem.sys 17:29:32.0374 5896 BTHMODEM - ok 17:29:32.0394 5896 [ A4387C3D271959313E2577DB7BE8BA7A ] bthserv C:\WINDOWS\system32\bthserv.dll 17:29:32.0395 5896 bthserv - ok 17:29:32.0440 5896 [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_NIS C:\WINDOWS\system32\drivers\NISx64\1402000.013\ccSetx64.sys 17:29:32.0441 5896 ccSet_NIS - ok 17:29:32.0449 5896 [ 990B1BABE6E81FB18E65A87EBEFB1772 ] cdfs C:\WINDOWS\system32\DRIVERS\cdfs.sys 17:29:32.0450 5896 cdfs - ok 17:29:32.0459 5896 [ 339BFF85D788268752DA8C9644B188EE ] cdrom C:\WINDOWS\System32\drivers\cdrom.sys 17:29:32.0461 5896 cdrom - ok 17:29:32.0464 5896 [ BAF8F0F55BC300E5F882E521F054E345 ] CertPropSvc C:\WINDOWS\System32\certprop.dll 17:29:32.0465 5896 CertPropSvc - ok 17:29:32.0481 5896 [ F64B7D1A37CC1D5F421D5359EEC81E2E ] circlass C:\WINDOWS\System32\drivers\circlass.sys 17:29:32.0482 5896 
circlass - ok 17:29:32.0497 5896 [ 9905168708DB68849B879B5548F68AB3 ] CLFS C:\WINDOWS\system32\drivers\CLFS.sys 17:29:32.0500 5896 CLFS - ok 17:29:32.0516 5896 [ 2DC8538A2260647484A6C921CA837313 ] CmBatt C:\WINDOWS\System32\drivers\CmBatt.sys 17:29:32.0516 5896 CmBatt - ok 17:29:32.0535 5896 [ E708BFF0473EC6B271EA46B65B16CA56 ] CNG C:\WINDOWS\system32\Drivers\cng.sys 17:29:32.0538 5896 CNG - ok 17:29:32.0550 5896 [ 0E5B1E9E7122EDAAF1F6CE047965CA92 ] CompositeBus C:\WINDOWS\System32\drivers\CompositeBus.sys 17:29:32.0550 5896 CompositeBus - ok 17:29:32.0552 5896 COMSysApp - ok 17:29:32.0562 5896 [ D9CB0782AF819548072AA45B70F8B22D ] condrv C:\WINDOWS\system32\drivers\condrv.sys 17:29:32.0562 5896 condrv - ok 17:29:32.0572 5896 [ F0E78B119D12BA81F163D48C0FF30B9A ] CryptSvc C:\WINDOWS\system32\cryptsvc.dll 17:29:32.0572 5896 CryptSvc - ok 17:29:32.0584 5896 [ C4D01BD86D6B207275FC143EEA951D75 ] dam C:\WINDOWS\system32\drivers\dam.sys 17:29:32.0584 5896 dam - ok 17:29:32.0611 5896 [ 1EC6E533C954BDDF2A37E7851A7E58FD ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 17:29:32.0616 5896 DcomLaunch - ok 17:29:32.0639 5896 [ C8650D1F61149AA546BDBC99172EBBC1 ] defragsvc C:\WINDOWS\System32\defragsvc.dll 17:29:32.0642 5896 defragsvc - ok 17:29:32.0659 5896 [ 5EAEF67AE2AF4D2DC664B649DB7B2E16 ] DeviceAssociationService C:\WINDOWS\system32\das.dll 17:29:32.0661 5896 DeviceAssociationService - ok 17:29:32.0683 5896 [ 799BE46D45D486704CE0F37CA5385262 ] DeviceInstall C:\WINDOWS\system32\umpnpmgr.dll 17:29:32.0684 5896 DeviceInstall - ok 17:29:32.0710 5896 [ 09D9EB9E7898F8E6561473A20CC808B9 ] Dfsc C:\WINDOWS\system32\Drivers\dfsc.sys 17:29:32.0711 5896 Dfsc - ok 17:29:32.0738 5896 [ 9E0E72222264745ADEB0E5AC680B0ED6 ] Dhcp C:\WINDOWS\system32\dhcpcore.dll 17:29:32.0740 5896 Dhcp - ok 17:29:32.0746 5896 [ 3C736FAE17BA6F91BA37594AAB139CD0 ] discache C:\WINDOWS\system32\drivers\discache.sys 17:29:32.0747 5896 discache - ok 17:29:32.0754 5896 [ 560495FF4CA22E1D9B1972FA18F43B6F ] disk 
C:\WINDOWS\system32\drivers\disk.sys 17:29:32.0755 5896 disk - ok 17:29:32.0766 5896 [ 82A7C72593793FE1EADA7A305BD1567A ] dmvsc C:\WINDOWS\System32\drivers\dmvsc.sys 17:29:32.0766 5896 dmvsc - ok 17:29:32.0789 5896 [ 066B9710B36AB550E01EEFCA52155968 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 17:29:32.0790 5896 Dnscache - ok 17:29:32.0806 5896 [ 9949AD2ABA168A618D46C799D6CC898C ] dot3svc C:\WINDOWS\System32\dot3svc.dll 17:29:32.0808 5896 dot3svc - ok 17:29:32.0818 5896 [ 109FC3F80BF4F4DC5A071058074F13C1 ] DPS C:\WINDOWS\system32\dps.dll 17:29:32.0819 5896 DPS - ok 17:29:32.0841 5896 [ 9C7C183F937951AE17C5B8B3259CF3FF ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 17:29:32.0841 5896 drmkaud - ok 17:29:32.0851 5896 [ BF48F32EE248C3D371DA5DC93BBEADA7 ] DsmSvc C:\WINDOWS\System32\DeviceSetupManager.dll 17:29:32.0853 5896 DsmSvc - ok 17:29:32.0894 5896 [ 898BF1647BBF012B38EF45C7F9F7A67E ] DXGKrnl C:\WINDOWS\System32\drivers\dxgkrnl.sys 17:29:32.0903 5896 DXGKrnl - ok 17:29:32.0915 5896 [ 58BA473DD88F5FC1932282BA683AA03E ] Eaphost C:\WINDOWS\System32\eapsvc.dll 17:29:32.0916 5896 Eaphost - ok 17:29:33.0076 5896 [ 5AB97B3282D7D6114949D1EB5C8598E4 ] ebdrv C:\WINDOWS\system32\drivers\evbda.sys 17:29:33.0094 5896 ebdrv - ok 17:29:33.0126 5896 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 17:29:33.0129 5896 eeCtrl - ok 17:29:33.0158 5896 [ F702AB6181513303AB0FC8D59E52708B ] EFS C:\WINDOWS\System32\lsass.exe 17:29:33.0159 5896 EFS - ok 17:29:33.0171 5896 [ 66D60BD9A4C05616ABECA2A901475098 ] EhStorClass C:\WINDOWS\system32\drivers\EhStorClass.sys 17:29:33.0172 5896 EhStorClass - ok 17:29:33.0196 5896 [ A61D0F543024E458C0FE32352E1978E2 ] EhStorTcgDrv C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys 17:29:33.0197 5896 EhStorTcgDrv - ok 17:29:33.0219 5896 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 17:29:33.0220 5896 
EraserUtilRebootDrv - ok 17:29:33.0229 5896 [ D790D058D67582DB9C84C2D33695FE6B ] ErrDev C:\WINDOWS\System32\drivers\errdev.sys 17:29:33.0230 5896 ErrDev - ok 17:29:33.0266 5896 [ F9E01C2D9F8BC049E04CF5DC24A5F638 ] EventSystem C:\WINDOWS\system32\es.dll 17:29:33.0269 5896 EventSystem - ok 17:29:33.0288 5896 [ 7A4D6FEB8C52B3FE855E4DCDF9107E03 ] exfat C:\WINDOWS\system32\drivers\exfat.sys 17:29:33.0289 5896 exfat - ok 17:29:33.0295 5896 [ 60996602A7111FD2D086E803F33E4282 ] fastfat C:\WINDOWS\system32\drivers\fastfat.sys 17:29:33.0296 5896 fastfat - ok 17:29:33.0416 5896 [ F0E7F8382ED5E138B0DFA4CB5058BCFE ] Fax C:\WINDOWS\system32\fxssvc.exe 17:29:33.0530 5896 Fax - ok 17:29:33.0593 5896 [ 73B2D11DF0B6E03A0CB0323218ACB3E4 ] fdc C:\WINDOWS\System32\drivers\fdc.sys 17:29:33.0594 5896 fdc - ok 17:29:33.0607 5896 [ 0828E3E7BD77C89149EAD3232BFD38DB ] fdPHost C:\WINDOWS\system32\fdPHost.dll 17:29:33.0608 5896 fdPHost - ok 17:29:33.0630 5896 [ 872506AAB591E8908DF4461475AF92DF ] FDResPub C:\WINDOWS\system32\fdrespub.dll 17:29:33.0631 5896 FDResPub - ok 17:29:33.0657 5896 [ 0588950D93A426F97C7AAADB1A9B0458 ] fhsvc C:\WINDOWS\system32\fhsvc.dll 17:29:33.0659 5896 fhsvc - ok 17:29:33.0684 5896 [ 88A9EBACD1058ABB237A6B4E96E7F397 ] FileInfo C:\WINDOWS\system32\drivers\fileinfo.sys 17:29:33.0707 5896 FileInfo - ok 17:29:33.0751 5896 [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02 ] Filetrace C:\WINDOWS\system32\drivers\filetrace.sys 17:29:33.0784 5896 Filetrace - ok 17:29:33.0861 5896 [ B1D4C168FF7B8579E3745888658FFB1D ] flpydisk C:\WINDOWS\System32\drivers\flpydisk.sys 17:29:33.0905 5896 flpydisk - ok 17:29:34.0002 5896 [ B33EC133AE4E6C1881D2302D93D2467D ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 17:29:34.0006 5896 FltMgr - ok 17:29:34.0066 5896 [ 0BCDC0FF11B984162B0CF0FF6E9E0146 ] FontCache C:\WINDOWS\system32\FntCache.dll 17:29:34.0078 5896 FontCache - ok 17:29:34.0150 5896 [ 0B56259F5611787222A04A8F254E51D4 ] FontCache3.0.0.0 
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 17:29:34.0151 5896 FontCache3.0.0.0 - ok 17:29:34.0176 5896 [ A5F7873A39E4E9FAAAE59B7E9E36B705 ] FsDepends C:\WINDOWS\system32\drivers\FsDepends.sys 17:29:34.0178 5896 FsDepends - ok 17:29:34.0192 5896 [ A6DD7D491F587F4BC13FB972977DC8E8 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 17:29:34.0192 5896 Fs_Rec - ok 17:29:34.0236 5896 [ FA228F4BB10DC7ED7E7D131C034E2331 ] fvevol C:\WINDOWS\system32\DRIVERS\fvevol.sys 17:29:34.0241 5896 fvevol - ok 17:29:34.0259 5896 [ 3EF3FCCC0E70EEC5C2AD996F32BBA642 ] FxPPM C:\WINDOWS\System32\drivers\fxppm.sys 17:29:34.0259 5896 FxPPM - ok 17:29:34.0271 5896 [ 52BC441E07A827EBAB70CDC7EAEDB28D ] gagp30kx C:\WINDOWS\system32\drivers\gagp30kx.sys 17:29:34.0272 5896 gagp30kx - ok 17:29:34.0297 5896 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 17:29:34.0305 5896 GEARAspiWDM - ok 17:29:34.0333 5896 [ 721F8EEF5E9747F32670DEFF7FB92541 ] gencounter C:\WINDOWS\System32\drivers\vmgencounter.sys 17:29:34.0334 5896 gencounter - ok 17:29:34.0350 5896 [ CA18ECFCFFDD638ECE80799A9056B238 ] GPIOClx0101 C:\WINDOWS\system32\Drivers\msgpioclx.sys 17:29:34.0353 5896 GPIOClx0101 - ok 17:29:34.0400 5896 [ 5358678C6370F2ADC5291849F6503262 ] gpsvc C:\WINDOWS\System32\gpsvc.dll 17:29:34.0413 5896 gpsvc - ok 17:29:34.0493 5896 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:29:34.0494 5896 gupdate - ok 17:29:34.0498 5896 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:29:34.0499 5896 gupdatem - ok 17:29:34.0527 5896 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys 17:29:34.0528 5896 hamachi - ok 17:29:34.0619 5896 [ A5963114373834D78782013BC803043E ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe 17:29:34.0640 5896 Hamachi2Svc - ok 17:29:34.0657 5896 [ 
9FC1F11D4D19F61DFE5CC878B4557D3A ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys 17:29:34.0660 5896 HdAudAddService - ok 17:29:34.0685 5896 [ 7D87B5B6C7188D553E11B59DC7F0B111 ] HDAudBus C:\WINDOWS\System32\drivers\HDAudBus.sys 17:29:34.0686 5896 HDAudBus - ok 17:29:34.0708 5896 [ 3F76BBA53D65E85A7F53E7A71082082C ] HidBatt C:\WINDOWS\System32\drivers\HidBatt.sys 17:29:34.0709 5896 HidBatt - ok 17:29:34.0722 5896 [ A25BAE8C1F2830C8E5625EC7E4E968BE ] HidBth C:\WINDOWS\System32\drivers\hidbth.sys 17:29:34.0724 5896 HidBth - ok 17:29:34.0734 5896 [ AC0526C4E3A7954F750B8F8D95EFB340 ] hidi2c C:\WINDOWS\System32\drivers\hidi2c.sys 17:29:34.0734 5896 hidi2c - ok 17:29:34.0738 5896 [ DC96F7DACB777CDEAEF9958A50BFDA06 ] HidIr C:\WINDOWS\System32\drivers\hidir.sys 17:29:34.0739 5896 HidIr - ok 17:29:34.0759 5896 [ FAC37D7B3D6354A5A5E19A45B50B4008 ] hidserv C:\WINDOWS\system32\hidserv.dll 17:29:34.0760 5896 hidserv - ok 17:29:34.0776 5896 [ 590B6F71BCDA4368B4BF7D8DF22B60F7 ] HidUsb C:\WINDOWS\System32\drivers\hidusb.sys 17:29:34.0777 5896 HidUsb - ok 17:29:34.0794 5896 [ 43F884B61A24377567CD0FEB35236334 ] hkmsvc C:\WINDOWS\system32\kmsvc.dll 17:29:34.0796 5896 hkmsvc - ok 17:29:34.0876 5896 [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll 17:29:34.0885 5896 HomeGroupListener - ok 17:29:34.0913 5896 [ E0D9F6FE18FA7F53ADD29AF719CE2B7E ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll 17:29:34.0919 5896 HomeGroupProvider - ok 17:29:34.0933 5896 [ 64DB7A8D97CA53DCCF93D0A1E08342CF ] HpSAMD C:\WINDOWS\system32\drivers\HpSAMD.sys 17:29:34.0945 5896 HpSAMD - ok 17:29:34.0969 5896 [ 47DBBF38E00C3F7404B71F6509241EF1 ] HTTP C:\WINDOWS\system32\drivers\HTTP.sys 17:29:34.0978 5896 HTTP - ok 17:29:34.0992 5896 [ 2A98301068801700906C06649860FE94 ] hwpolicy C:\WINDOWS\system32\drivers\hwpolicy.sys 17:29:34.0992 5896 hwpolicy - ok 17:29:35.0001 5896 [ DC76901D82097C9E297F20C287CB9A27 ] hyperkbd C:\WINDOWS\System32\drivers\hyperkbd.sys 
17:29:35.0006 5896 hyperkbd - ok 17:29:35.0022 5896 [ 716413AB3CA12DE0A7222D28C1C9352C ] HyperVideo C:\WINDOWS\system32\DRIVERS\HyperVideo.sys 17:29:35.0032 5896 HyperVideo - ok 17:29:35.0050 5896 [ C9E9CBF73AFFBFE3E801EFB516787BA3 ] i8042prt C:\WINDOWS\System32\drivers\i8042prt.sys 17:29:35.0052 5896 i8042prt - ok 17:29:35.0070 5896 [ 5E394EBD26FD68AA9300332C46BEDD62 ] iaStorV C:\WINDOWS\system32\drivers\iaStorV.sys 17:29:35.0075 5896 iaStorV - ok 17:29:35.0125 5896 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20121205.001\IDSvia64.sys 17:29:35.0165 5896 IDSVia64 - ok 17:29:35.0180 5896 [ 24847A06B84339FEEDE5CABF3D27D320 ] iirsp C:\WINDOWS\system32\drivers\iirsp.sys 17:29:35.0181 5896 iirsp - ok 17:29:35.0215 5896 [ 45EACE8D94B9CEC746A85154892C4FDC ] IKEEXT C:\WINDOWS\System32\ikeext.dll 17:29:35.0225 5896 IKEEXT - ok 17:29:35.0253 5896 [ 4F37726CF764CA18A8A84F85EF3A7F24 ] intelide C:\WINDOWS\system32\drivers\intelide.sys 17:29:35.0254 5896 intelide - ok 17:29:35.0269 5896 [ F9E126AA767E2E6E3128434A43C9F713 ] intelppm C:\WINDOWS\System32\drivers\intelppm.sys 17:29:35.0270 5896 intelppm - ok 17:29:35.0285 5896 [ 8FCA66234A0933D796BB780B7953BAB9 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 17:29:35.0287 5896 IpFilterDriver - ok 17:29:35.0325 5896 [ CAC5202757EF68C4849B0DFFA75F6D3C ] iphlpsvc C:\WINDOWS\System32\iphlpsvc.dll 17:29:35.0333 5896 iphlpsvc - ok 17:29:35.0347 5896 [ 6E98A046A12AA113F8898AA5D612BD6E ] IPMIDRV C:\WINDOWS\System32\drivers\IPMIDrv.sys 17:29:35.0348 5896 IPMIDRV - ok 17:29:35.0364 5896 [ 3969B9C218DD3FAA9F4ED2FFC3651C02 ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys 17:29:35.0367 5896 IPNAT - ok 17:29:35.0398 5896 [ B474C756C13960793C7583B766F904C4 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 17:29:35.0406 5896 iPod Service - ok 17:29:35.0418 5896 [ 25CD7C4BB2863FFC2B0B311F0AEBF77C ] IRENUM 
C:\WINDOWS\system32\drivers\irenum.sys 17:29:35.0419 5896 IRENUM - ok 17:29:35.0442 5896 [ D940C5BB9DC92E588533C19ABCC3D2C2 ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys 17:29:35.0443 5896 isapnp - ok 17:29:35.0456 5896 [ F5F0DE1B7F256997501EECECE9648108 ] iScsiPrt C:\WINDOWS\System32\drivers\msiscsi.sys 17:29:35.0459 5896 iScsiPrt - ok 17:29:35.0472 5896 [ 8FBD94B69D6423E20ABCD59D86368B21 ] kbdclass C:\WINDOWS\System32\drivers\kbdclass.sys 17:29:35.0473 5896 kbdclass - ok 17:29:35.0490 5896 [ E88C932ABDF8185A62C8F2FC7B051FB6 ] kbdhid C:\WINDOWS\System32\drivers\kbdhid.sys 17:29:35.0491 5896 kbdhid - ok 17:29:35.0501 5896 [ FB6C185092E18011EF49989425C2AA87 ] kdnic C:\WINDOWS\system32\DRIVERS\kdnic.sys 17:29:35.0502 5896 kdnic - ok 17:29:35.0509 5896 [ F702AB6181513303AB0FC8D59E52708B ] KeyIso C:\WINDOWS\system32\lsass.exe 17:29:35.0510 5896 KeyIso - ok 17:29:35.0529 5896 [ DFA480F6DED551464F3A5B959F437800 ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys 17:29:35.0530 5896 KSecDD - ok 17:29:35.0559 5896 [ 127FB0AAD232BAAD2C9BBACD374F4FC5 ] KSecPkg C:\WINDOWS\system32\Drivers\ksecpkg.sys 17:29:35.0561 5896 KSecPkg - ok 17:29:35.0572 5896 [ 81492FEEBF2F26455B00EE8DBAE8A1B0 ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys 17:29:35.0572 5896 ksthunk - ok 17:29:35.0594 5896 [ 5825DBACEDC3812B5CF8D40B997BF210 ] KtmRm C:\WINDOWS\system32\msdtckrm.dll 17:29:35.0599 5896 KtmRm - ok 17:29:35.0624 5896 [ 256EE31588257E8A555DBFAA13F1908E ] LanmanServer C:\WINDOWS\system32\srvsvc.dll 17:29:35.0628 5896 LanmanServer - ok 17:29:35.0645 5896 [ 16650912BE5A94B40E0B3B4C39652B56 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll 17:29:35.0649 5896 LanmanWorkstation - ok 17:29:35.0665 5896 [ CEEFD29FC551F289810B0B9381B321DC ] lltdio C:\WINDOWS\system32\DRIVERS\lltdio.sys 17:29:35.0666 5896 lltdio - ok 17:29:35.0692 5896 [ BCF53485E0A94722CDE3C4A93CD8EB8C ] lltdsvc C:\WINDOWS\System32\lltdsvc.dll 17:29:35.0696 5896 lltdsvc - ok 17:29:35.0709 5896 [ 5A2F7F1CBC2E631A497DAD16164E06D2 ] 
lmhosts C:\WINDOWS\System32\lmhsvc.dll 17:29:35.0710 5896 lmhosts - ok 17:29:35.0738 5896 [ 022CDD12161B063D7852B1075BF3FFF2 ] LSI_SAS C:\WINDOWS\system32\drivers\lsi_sas.sys 17:29:35.0740 5896 LSI_SAS - ok 17:29:35.0750 5896 [ 07AD59D669B996F29F91817F0ECFA34F ] LSI_SAS2 C:\WINDOWS\system32\drivers\lsi_sas2.sys 17:29:35.0751 5896 LSI_SAS2 - ok 17:29:35.0760 5896 [ 216FB796AA4E252ACCE93B1BCB80B5EC ] LSI_SCSI C:\WINDOWS\system32\drivers\lsi_scsi.sys 17:29:35.0762 5896 LSI_SCSI - ok 17:29:35.0772 5896 [ 5E80530AF37102488EE980B4A92AF99F ] LSI_SSS C:\WINDOWS\system32\drivers\lsi_sss.sys 17:29:35.0773 5896 LSI_SSS - ok 17:29:35.0792 5896 [ 8FEFDCEE40B75FD23B4BC60DA6576113 ] LSM C:\WINDOWS\System32\lsm.dll 17:29:35.0796 5896 LSM - ok 17:29:35.0811 5896 [ 2BDC5D711FA61307CE6190D47C956368 ] luafv C:\WINDOWS\system32\drivers\luafv.sys 17:29:35.0814 5896 luafv - ok 17:29:35.0825 5896 [ 9B0D829C3BE4E7472DB9DD2B79908E3C ] megasas C:\WINDOWS\system32\drivers\megasas.sys 17:29:35.0826 5896 megasas - ok 17:29:35.0841 5896 [ ECC3F54C7AFC318271C4F0B4606D8DB0 ] MegaSR C:\WINDOWS\system32\drivers\MegaSR.sys 17:29:35.0846 5896 MegaSR - ok 17:29:35.0867 5896 [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64 C:\WINDOWS\System32\drivers\HECIx64.sys 17:29:35.0868 5896 MEIx64 - ok 17:29:35.0897 5896 [ EEE908BE7143FCA48CF0CB87214E2AB8 ] MMCSS C:\WINDOWS\system32\mmcss.dll 17:29:35.0899 5896 MMCSS - ok 17:29:35.0913 5896 [ 780098AD5DA8A4822E2563984C85EF7B ] Modem C:\WINDOWS\system32\drivers\modem.sys 17:29:35.0915 5896 Modem - ok 17:29:35.0943 5896 [ 83EB0BF7E6EBD5B1AAC97F9DBD5EB935 ] monitor C:\WINDOWS\system32\DRIVERS\monitor.sys 17:29:35.0943 5896 monitor - ok 17:29:35.0951 5896 [ 618446B98C79776654340CE27C73485E ] mouclass C:\WINDOWS\System32\drivers\mouclass.sys 17:29:35.0952 5896 mouclass - ok 17:29:35.0962 5896 [ CB2527B8B87D83E56FBF3944BBB6F606 ] mouhid C:\WINDOWS\System32\drivers\mouhid.sys 17:29:35.0962 5896 mouhid - ok 17:29:35.0976 5896 [ 89D263DBF08119CE16273991C120D6DD ] mountmgr 
C:\WINDOWS\system32\drivers\mountmgr.sys 17:29:35.0978 5896 mountmgr - ok 17:29:36.0005 5896 [ 0D1609DD82C7440F5D5BF21A9D4D5C0C ] mpsdrv C:\WINDOWS\system32\drivers\mpsdrv.sys 17:29:36.0006 5896 mpsdrv - ok 17:29:36.0047 5896 [ 3031573A739DBEE8923851929D0AF423 ] MpsSvc C:\WINDOWS\system32\mpssvc.dll 17:29:36.0056 5896 MpsSvc - ok 17:29:36.0069 5896 [ 3D70147F55F1EC84EB9139ED7FFE48BC ] MRxDAV C:\WINDOWS\system32\drivers\mrxdav.sys 17:29:36.0072 5896 MRxDAV - ok 17:29:36.0105 5896 [ 75C633892ADA5D48DAEAF0315E08AAFF ] mrxsmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 17:29:36.0109 5896 mrxsmb - ok 17:29:36.0125 5896 [ 06D5F2FA3C61E8EA91648EA8E9F99FD3 ] mrxsmb10 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys 17:29:36.0129 5896 mrxsmb10 - ok 17:29:36.0145 5896 [ E9C47B374DB1E9752F525F59FB6B73B3 ] mrxsmb20 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys 17:29:36.0149 5896 mrxsmb20 - ok 17:29:36.0170 5896 [ 98487487D6B3797CA927E9D7B030AE13 ] MsBridge C:\WINDOWS\system32\DRIVERS\bridge.sys 17:29:36.0173 5896 MsBridge - ok 17:29:36.0205 5896 [ 4A07458EB4F17573BD39F22029A991C1 ] MSDTC C:\WINDOWS\System32\msdtc.exe 17:29:36.0208 5896 MSDTC - ok 17:29:36.0224 5896 [ 3886F1F2A4D2900ABAA7E4486BEEE6A2 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 17:29:36.0225 5896 Msfs - ok 17:29:36.0250 5896 [ C9BFB0353099B071E70299549C18C8AE ] msgpiowin32 C:\WINDOWS\System32\drivers\msgpiowin32.sys 17:29:36.0250 5896 msgpiowin32 - ok 17:29:36.0268 5896 [ D3857A767B91A061B408CCAB02DA4F40 ] mshidkmdf C:\WINDOWS\System32\drivers\mshidkmdf.sys 17:29:36.0269 5896 mshidkmdf - ok 17:29:36.0272 5896 [ 839B48910FB1E887635C48F3EC11A05E ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys 17:29:36.0273 5896 mshidumdf - ok 17:29:36.0282 5896 [ 55C0DB741E3AB7463242B185B1C2997C ] msisadrv C:\WINDOWS\system32\drivers\msisadrv.sys 17:29:36.0282 5896 msisadrv - ok 17:29:36.0309 5896 [ 216C6B035A4BA5560E1255BD8E5BB89F ] MSiSCSI C:\WINDOWS\system32\iscsiexe.dll 17:29:36.0311 5896 MSiSCSI - ok 17:29:36.0314 5896 msiserver - ok 
17:29:36.0325 5896 [ 509809566E49F4411055864EA8D437CD ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 17:29:36.0325 5896 MSKSSRV - ok 17:29:36.0328 5896 [ 63145201D6458E4958E572E7D6FC2604 ] MsLldp C:\WINDOWS\system32\DRIVERS\mslldp.sys 17:29:36.0329 5896 MsLldp - ok 17:29:36.0338 5896 [ 99D526E803DB6D7FF290FD98B6204641 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 17:29:36.0338 5896 MSPCLOCK - ok 17:29:36.0349 5896 [ 06FA77C3E2A491ADCD704C5E73006269 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 17:29:36.0349 5896 MSPQM - ok 17:29:36.0362 5896 [ E134EC4DE11CF78CB01432D180710D84 ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys 17:29:36.0365 5896 MsRPC - ok 17:29:36.0389 5896 [ B5AECF12F09DEE97C9FCAA5BA016CE1E ] mssmbios C:\WINDOWS\System32\drivers\mssmbios.sys 17:29:36.0390 5896 mssmbios - ok 17:29:36.0403 5896 [ 72D66A05E0F99F2528F6C6204FD22AA1 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 17:29:36.0404 5896 MSTEE - ok 17:29:36.0415 5896 [ 8AAAE399FC255FA105D4158CBA289001 ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys 17:29:36.0416 5896 MTConfig - ok 17:29:36.0427 5896 [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A ] Mup C:\WINDOWS\system32\Drivers\mup.sys 17:29:36.0428 5896 Mup - ok 17:29:36.0438 5896 [ 3A1E095277BBD406CEA8EA6B76950664 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys 17:29:36.0439 5896 mvumis - ok 17:29:36.0465 5896 [ 4B18840511D720BA118D3017E8165875 ] napagent C:\WINDOWS\system32\qagentRT.dll 17:29:36.0469 5896 napagent - ok 17:29:36.0481 5896 [ 43D7388A90A4C6EA346A4D6FF0377479 ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys 17:29:36.0484 5896 NativeWifiP - ok 17:29:36.0550 5896 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20121206.003\ENG64.SYS 17:29:36.0552 5896 NAVENG - ok 17:29:36.0590 5896 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20121206.003\EX64.SYS 17:29:36.0611 5896 NAVEX15 - ok 17:29:36.0639 5896 [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll 17:29:36.0640 5896 NcaSvc - ok 17:29:36.0651 5896 [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll 17:29:36.0652 5896 NcdAutoSetup - ok 17:29:36.0681 5896 [ 0F89AE618DBA5D8AB7A2DFCC375F4159 ] NDIS C:\WINDOWS\system32\drivers\ndis.sys 17:29:36.0687 5896 NDIS - ok 17:29:36.0694 5896 [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap C:\WINDOWS\system32\DRIVERS\ndiscap.sys 17:29:36.0694 5896 NdisCap - ok 17:29:36.0704 5896 [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys 17:29:36.0705 5896 NdisImPlatform - ok 17:29:36.0724 5896 [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 17:29:36.0725 5896 NdisTapi - ok 17:29:36.0749 5896 [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 17:29:36.0749 5896 Ndisuio - ok 17:29:36.0764 5896 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 17:29:36.0765 5896 NdisWan - ok 17:29:36.0768 5896 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY C:\WINDOWS\system32\DRIVERS\ndiswan.sys 17:29:36.0769 5896 NDISWANLEGACY - ok 17:29:36.0783 5896 [ CE6EBC0AD38CC6482D8FBB744FF15CE2 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 17:29:36.0784 5896 NDProxy - ok 17:29:36.0793 5896 [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu C:\WINDOWS\system32\drivers\Ndu.sys 17:29:36.0795 5896 Ndu - ok 17:29:36.0805 5896 [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 17:29:36.0806 5896 NetBIOS - ok 17:29:36.0820 5896 [ 7CEC25C682D319D484630B3952C31A11 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 17:29:36.0824 5896 NetBT - ok 17:29:36.0834 5896 [ F702AB6181513303AB0FC8D59E52708B ] Netlogon 
C:\WINDOWS\system32\lsass.exe 17:29:36.0835 5896 Netlogon - ok 17:29:36.0856 5896 [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman C:\WINDOWS\System32\netman.dll 17:29:36.0859 5896 Netman - ok 17:29:36.0875 5896 [ 20F6FD63E6D456114BC8056D62792786 ] netprofm C:\WINDOWS\System32\netprofmsvc.dll 17:29:36.0929 5896 netprofm - ok 17:29:36.0977 5896 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:29:36.0999 5896 NetTcpPortSharing - ok 17:29:37.0020 5896 [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960 C:\WINDOWS\system32\drivers\nfrd960.sys 17:29:37.0021 5896 nfrd960 - ok 17:29:37.0077 5896 [ 4A9258B9597A31DB68EC9740F3A8A70B ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\\ccSvcHst.exe 17:29:37.0080 5896 NIS - ok 17:29:37.0119 5896 [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc C:\WINDOWS\System32\nlasvc.dll 17:29:37.0123 5896 NlaSvc - ok 17:29:37.0135 5896 [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 17:29:37.0137 5896 Npfs - ok 17:29:37.0146 5896 [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig C:\WINDOWS\System32\drivers\npsvctrig.sys 17:29:37.0147 5896 npsvctrig - ok 17:29:37.0173 5896 [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi C:\WINDOWS\system32\nsisvc.dll 17:29:37.0175 5896 nsi - ok 17:29:37.0185 5896 [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy C:\WINDOWS\system32\drivers\nsiproxy.sys 17:29:37.0186 5896 nsiproxy - ok 17:29:37.0238 5896 [ 4A7EEA9C4AD5CBFDA3C0E5B821C99CAD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 17:29:37.0257 5896 Ntfs - ok 17:29:37.0269 5896 [ 4163ADE07DB51843AE31F65B94F5398D ] Null C:\WINDOWS\system32\drivers\Null.sys 17:29:37.0269 5896 Null - ok 17:29:37.0322 5896 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\WINDOWS\system32\drivers\nvhda64v.sys 17:29:37.0325 5896 NVHDA - ok 17:29:37.0485 5896 [ FE2909F7DFB12B9A20AD207FE23B7E96 ] nvlddmkm C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys 17:29:37.0627 5896 nvlddmkm - ok 17:29:37.0649 5896 [ 
17:29:43.0067 5896 Scan finished
17:29:43.0076 5888 Detected object count: 0
17:29:43.0076 5888 Actual detected object count: 0
17:29:52.0870 5788 Deinitialize success
Remove www.Startfenster.com Hi, Step 1 Please download
Step 2 Please close your security software to avoid possible conflicts.
Step 3 Please start OTL.exe and press the Quick Scan button. Post the OTL.txt here in your thread. Are there still problems with "Startfenster"? If so, in which browser? Please post with your next reply
Remove www.Startfenster.com OK, AdwCleaner[S1]:
# AdwCleaner v2.011 - Datei am 07/12/2012 um 17:55:52 erstellt
# Aktualisiert am 02/12/2012 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzer : Russell - RUSS-GAMINGPC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Russell\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16442

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v23.0.1271.95

Datei : C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [700 octets] - [07/12/2012 17:55:52]

########## EOF - C:\AdwCleaner[S1].txt - [759 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.9.5 (12.06.2012:6)
OS: Windows 8 x64
Ran by Russell on 07.12.2012 at 18:05:49,00
Blog: hxxp://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.12.2012 at 18:08:36,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
OTL logfile created on: 07.12.2012 18:12:55 - Run 2
[2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV - [2012.12.03 16:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.11.30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.11.19 21:48:16 | 002,462,128 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.11.16 20:17:40 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.10.11 03:29:13 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\\ccSvcHst.exe -- (NIS) SRV - [2012.09.20 09:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012.07.26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.11.16 18:43:59 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2012.11.02 15:38:32 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\point64.sys -- (Point64) DRV:64bit: - [2012.10.18 07:17:18 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2012.10.12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.10.11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012.10.11 08:13:54 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2012.10.11 08:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2012.10.09 02:00:02 | 000,776,864 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402000.013\srtsp64.sys -- (SRTSP) DRV:64bit: - [2012.10.04 02:40:35 | 001,133,216 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402000.013\symefa64.sys -- (SymEFA) DRV:64bit: - [2012.10.04 02:40:20 | 000,493,216 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402000.013\symds64.sys -- (SymDS) DRV:64bit: - [2012.10.04 02:19:14 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402000.013\ccsetx64.sys -- (ccSet_NIS) DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.09.20 08:55:33 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2012.09.20 08:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2012.09.20 08:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2012.09.20 08:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2012.09.20 08:55:29 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2012.09.20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012.09.20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012.09.20 08:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2012.09.20 07:09:11 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2012.09.20 07:08:27 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012.09.07 03:05:14 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402000.013\symnets.sys -- (SymNetS) 
DRV:64bit: - [2012.09.07 02:48:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402000.013\ironx64.sys -- (SymIRON) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.07.26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012.07.26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012.07.26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012.07.26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012.07.26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012.07.26 06:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2012.07.26 06:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2012.07.26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012.07.26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) 
[Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012.07.26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012.07.26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012.07.26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012.07.26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012.07.26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012.07.26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) 
[Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012.07.26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012.07.26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012.07.26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012.07.26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012.07.26 05:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2012.07.26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012.07.26 05:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2012.07.26 05:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2012.07.26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012.07.26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012.07.26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012.07.26 03:29:03 | 000,024,576 | ---- | M] 
(Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012.07.26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012.07.26 03:27:58 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012.07.26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012.07.26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012.07.26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012.07.26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012.07.26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012.07.26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012.07.26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012.07.26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012.07.26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012.07.26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.07.26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012.07.26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2012.07.26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.26 03:25:54 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012.07.26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012.07.26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012.07.26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012.07.26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.06.20 19:45:12 | 000,023,448 | R--- | M] 
(Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1402000.013\symelam.sys -- (SymELAM) DRV:64bit: - [2012.06.02 15:31:56 | 000,589,824 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168) DRV:64bit: - [2012.06.02 15:31:32 | 002,935,808 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athrx.sys -- (athr) DRV:64bit: - [2012.05.24 22:36:56 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402000.013\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\hamachi.sys -- (hamachi) DRV - [2012.11.16 19:06:42 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20121206.003\ex64.sys -- (NAVEX15) DRV - [2012.11.16 19:06:42 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012.11.16 19:06:42 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20121206.003\eng64.sys -- (NAVENG) DRV - [2012.11.16 17:08:18 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20121205.001\IDSviA64.sys -- (IDSVia64) DRV - [2012.11.06 23:54:56 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20121130.005\BHDrvx64.sys -- 
(BHDrvx64) DRV - [2012.10.10 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com/setzen/goto?url=www.google.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE,de;q=0.8,en-US;q=0.5,en;q=0.3 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 05 9C A1 39 1D C4 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program 
Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012.11.16 18:44:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2012.12.07 13:20:25 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - homepage: hxxp://www.google.de/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: hxxp://www.google.de/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\npcoplgn.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program 
Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll CHR - plugin: Java Deployment Toolkit (Enabled) = C:\WINDOWS\SysWOW64\npDeployJava1.dll CHR - Extension: Google Drive = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\ CHR - Extension: Norton Identity Protection = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\ CHR - Extension: Google Mail = C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\\coIEPlg.dll (Symantec Corporation) O2 - BHO: 
(Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B8B42FF-2F3A-4EF2-8C75-EBE6B39F08A4}: DhcpNameServer = O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL) - File not found O20 - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.07 18:05:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2012.12.07 18:04:48 | 000,000,000 | ---D | C] -- C:\JRT [2012.12.07 17:54:57 | 000,441,533 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\Russell\Desktop\JRT.exe [2012.12.07 13:28:00 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\.terasology [2012.12.06 20:42:37 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Russell\Desktop\tdsskiller.exe [2012.12.06 20:42:00 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Russell\Desktop\aswMBR.exe [2012.12.06 20:40:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Russell\Desktop\OTL.exe [2012.12.06 17:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.12.06 17:11:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012.12.06 17:11:04 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\Apps [2012.12.06 16:51:36 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\Diagnostics [2012.12.06 16:41:06 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\Google [2012.12.06 13:51:28 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\dvdcss [2012.12.06 13:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [2012.12.05 12:42:29 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) 
-- C:\WINDOWS\SysNative\hamachi.sys [2012.12.05 12:42:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2012.12.05 12:42:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2012.12.04 19:05:44 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\.minecraft [2012.12.04 18:30:30 | 000,000,000 | ---D | C] -- C:\Users\Russell\Desktop\Minecraft Server [2012.12.01 11:14:32 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Apple Computer [2012.12.01 11:14:32 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\Apple Computer [2012.12.01 11:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.12.01 11:14:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\DRVSTORE [2012.12.01 11:13:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.12.01 11:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.12.01 11:13:54 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012.12.01 11:13:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.12.01 11:13:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.12.01 11:13:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2012.12.01 11:13:30 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\Apple [2012.12.01 11:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2012.12.01 11:13:10 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012.12.01 11:13:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2012.12.01 11:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2012.12.01 11:12:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2012.11.30 16:19:08 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\OpenOffice.org [2012.11.29 17:17:52 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\Eclipse 
[2012.11.28 20:55:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS [2012.11.28 20:53:43 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller [2012.11.28 20:19:17 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Origin [2012.11.28 20:19:12 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\Origin [2012.11.28 20:18:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2012.11.28 20:18:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2012.11.28 20:18:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2012.11.28 20:17:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin [2012.11.28 18:42:39 | 000,000,000 | ---D | C] -- C:\Users\Russell\Documents\My Games [2012.11.28 18:41:29 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\Programs [2012.11.25 10:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.11.21 21:21:58 | 000,000,000 | ---D | C] -- C:\Users\Russell\Documents\TmForever [2012.11.21 21:21:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TmForever [2012.11.21 21:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmNationsForever [2012.11.21 21:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TmNationsForever [2012.11.18 18:15:02 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Identities [2012.11.18 09:16:37 | 001,133,216 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1402000.013\symefa64.sys [2012.11.18 09:16:37 | 000,776,864 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1402000.013\srtsp64.sys [2012.11.18 09:16:37 | 000,493,216 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1402000.013\symds64.sys [2012.11.18 09:16:37 | 000,432,800 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1402000.013\symnets.sys [2012.11.18 09:16:37 | 000,224,416 | ---- | C] (Symantec 
Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1402000.013\ironx64.sys [2012.11.18 09:16:37 | 000,168,096 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1402000.013\ccsetx64.sys [2012.11.18 09:16:37 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1402000.013\srtspx64.sys [2012.11.18 09:16:37 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1402000.013\symelam.sys [2012.11.18 09:16:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\drivers\NISx64\1402000.013 [2012.11.18 09:03:24 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\Deployment [2012.11.17 22:28:27 | 000,000,000 | R--D | C] -- C:\WINDOWS\BrowserChoice [2012.11.17 22:27:30 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\CrashDumps [2012.11.17 20:42:51 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\Ubisoft Game Launcher [2012.11.17 20:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield [2012.11.17 09:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2012.11.17 08:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center [2012.11.17 08:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center [2012.11.16 20:38:32 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\NVIDIA [2012.11.16 20:33:24 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\logs [2012.11.16 20:33:24 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\.techniclauncher [2012.11.16 20:26:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2012.11.16 20:18:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies [2012.11.16 20:18:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild [2012.11.16 20:17:35 | 000,000,000 | -H-D | C] -- C:\Users\Russell\Desktop\old [2012.11.16 20:15:52 | 000,000,000 | ---D | C] -- 
C:\WINDOWS\SysWow64\XPSViewer [2012.11.16 20:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies [2012.11.16 20:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild [2012.11.16 20:06:31 | 000,059,392 | ---- | C] (Technic) -- C:\Users\Russell\Desktop\TechnicLauncher.exe [2012.11.16 20:01:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2012.11.16 19:31:11 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Ubisoft [2012.11.16 19:19:39 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2012.11.16 19:19:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2012.11.16 19:16:16 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\LogMeIn Hamachi [2012.11.16 19:15:32 | 017,418,928 | R--- | C] (Skype Technologies S.A.) -- C:\Users\Russell\Desktop\Skype.exe [2012.11.16 19:13:32 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Skype [2012.11.16 18:48:30 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET [2012.11.16 18:47:03 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.11.16 18:45:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3 [2012.11.16 18:44:00 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS [2012.11.16 18:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2012.11.16 18:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2012.11.16 18:43:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\drivers\NISx64 [2012.11.16 18:43:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security [2012.11.16 18:43:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security [2012.11.16 18:43:08 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings [2012.11.16 18:41:31 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012.11.16 18:41:28 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton [2012.11.16 18:35:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2012.11.16 18:35:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2012.11.16 18:35:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2012.11.16 18:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.11.16 18:30:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.11.16 18:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EXPERTool [2012.11.16 18:11:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2012.11.16 18:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2012.11.16 18:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.11.16 18:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.11.16 18:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2012.11.16 18:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2012.11.16 18:10:14 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Macromedia [2012.11.16 18:10:09 | 000,060,776 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysNative\OpenCL.dll [2012.11.16 18:10:09 | 000,052,584 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysWow64\OpenCL.dll [2012.11.16 18:09:04 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2012.11.16 18:08:38 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2012.11.16 18:08:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012.11.16 17:59:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2 [2012.11.16 17:58:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2012.11.16 17:57:35 | 000,000,000 | R--D | C] -- 
C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.11.16 17:57:35 | 000,000,000 | R--D | C] -- C:\Users\Russell\Searches [2012.11.16 17:57:35 | 000,000,000 | R--D | C] -- C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.11.16 17:57:26 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Adobe [2012.11.16 17:56:56 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\VirtualStore [2012.11.16 17:56:45 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\Packages [2012.11.16 17:56:44 | 000,000,000 | ---D | C] -- C:\ProgramData\PRICache [2012.11.16 17:54:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2012.11.16 17:54:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2012.11.16 17:54:57 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2012.11.16 17:54:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2012.11.16 17:54:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2012.11.16 17:54:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2012.11.16 17:54:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution [2012.11.16 17:51:24 | 000,000,000 | --SD | C] -- C:\Users\Russell\AppData\Roaming\Microsoft [2012.11.16 17:51:24 | 000,000,000 | R--D | C] -- C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [2012.11.16 17:51:24 | 000,000,000 | R--D | C] -- C:\Users\Russell\Favorites [2012.11.16 17:51:24 | 000,000,000 | R--D | C] -- C:\Users\Russell\Desktop [2012.11.16 17:51:24 | 000,000,000 | R--D | C] -- C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.11.16 17:51:24 | 000,000,000 | R--D | C] -- C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [2012.11.16 17:51:24 | 000,000,000 | -HSD | C] -- C:\Users\Russell\Vorlagen [2012.11.16 17:51:24 | 000,000,000 | -HSD | C] -- 
C:\Users\Russell\AppData\Local\Verlauf [2012.11.16 17:51:24 | 000,000,000 | -HSD | C] -- C:\Users\Russell\AppData\Local\Temporary Internet Files [2012.11.16 17:51:24 | 000,000,000 | -HSD | C] -- C:\Users\Russell\Startmenü [2012.11.16 17:51:24 | 000,000,000 | -HSD | C] -- C:\Users\Russell\SendTo [2012.11.16 17:51:24 | 000,000,000 | -HSD | C] -- C:\Users\Russell\Recent [2012.11.16 17:51:24 | 000,000,000 | -HSD | C] -- C:\Users\Russell\Netzwerkumgebung [2012.11.16 17:51:24 | 000,000,000 | -HSD | C] -- C:\Users\Russell\Lokale Einstellungen [2012.11.16 17:51:24 | 000,000,000 | -HSD | C] -- C:\Users\Russell\Documents\Eigene Videos [2012.11.16 17:51:24 | 000,000,000 | -HSD | C] -- C:\Users\Russell\Documents\Eigene Musik [2012.11.16 17:51:24 | 000,000,000 | -HSD | C] -- C:\Users\Russell\Eigene Dateien [2012.11.16 17:51:24 | 000,000,000 | -HSD | C] -- C:\Users\Russell\Documents\Eigene Bilder [2012.11.16 17:51:24 | 000,000,000 | -HSD | C] -- C:\Users\Russell\Druckumgebung [2012.11.16 17:51:24 | 000,000,000 | -HSD | C] -- C:\Users\Russell\Cookies [2012.11.16 17:51:24 | 000,000,000 | -HSD | C] -- C:\Users\Russell\AppData\Local\Anwendungsdaten [2012.11.16 17:51:24 | 000,000,000 | -HSD | C] -- C:\Users\Russell\Anwendungsdaten [2012.11.16 17:51:24 | 000,000,000 | -H-D | C] -- C:\Users\Russell\AppData [2012.11.16 17:51:24 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\Temp [2012.11.16 17:51:24 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\Microsoft [2012.11.16 17:51:24 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.11.16 17:49:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2012.11.16 17:30:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther [2012.11.14 20:39:42 | 000,000,000 | ---D | C] -- C:\Users\Russell\Desktop\Project HKW [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.07 18:04:28 | 000,441,533 | ---- | M] 
(Oleg N. Scherbakov) -- C:\Users\Russell\Desktop\JRT.exe [2012.12.07 18:02:03 | 001,745,416 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI [2012.12.07 18:02:03 | 000,751,892 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat [2012.12.07 18:02:03 | 000,710,046 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat [2012.12.07 18:02:03 | 000,155,620 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat [2012.12.07 18:02:03 | 000,132,416 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat [2012.12.07 17:59:20 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.12.07 17:57:40 | 000,001,136 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.12.07 17:57:17 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2012.12.07 17:57:15 | 2538,430,463 | -HS- | M] () -- C:\hiberfil.sys [2012.12.07 17:53:35 | 000,540,743 | ---- | M] () -- C:\Users\Russell\Desktop\adwcleaner.exe [2012.12.07 17:32:50 | 000,030,269 | ---- | M] () -- C:\Users\Russell\Desktop\OTL.zip [2012.12.07 14:16:00 | 000,001,140 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.12.06 20:55:37 | 000,000,000 | ---- | M] () -- C:\Users\Russell\defogger_reenable [2012.12.06 20:42:46 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Russell\Desktop\tdsskiller.exe [2012.12.06 20:42:34 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Russell\Desktop\aswMBR.exe [2012.12.06 20:41:29 | 000,050,477 | ---- | M] () -- C:\Users\Russell\Desktop\Defogger.exe [2012.12.06 20:40:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Russell\Desktop\OTL.exe [2012.12.06 16:55:30 | 000,001,584 | ---- | M] () -- C:\Users\Russell\Desktop\iexplore - Verknüpfung.lnk [2012.12.06 16:48:19 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE.job [2012.12.05 16:37:59 | 000,335,491 | ---- | M] () -- C:\Users\Russell\Desktop\OptiFine_1.4.5_HD_U_D4.zip [2012.12.05 13:28:00 | 000,000,043 | ---- | M] () -- C:\Users\Russell\Desktop\Minecraft.bat [2012.12.05 12:42:24 | 
000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk [2012.12.04 20:53:24 | 001,902,743 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402000.013\Cat.DB [2012.12.04 20:53:11 | 000,002,196 | ---- | M] () -- C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk [2012.12.04 17:52:57 | 000,001,612 | ---- | M] () -- C:\Users\Russell\Desktop\Open Office 3.lnk [2012.12.03 16:47:14 | 000,014,446 | ---- | M] () -- C:\WINDOWS\SysNative\nvinfo.pb [2012.12.02 11:50:51 | 000,007,606 | ---- | M] () -- C:\Users\Russell\AppData\Local\Resmon.ResmonCfg [2012.12.02 10:17:08 | 000,581,168 | ---- | M] () -- C:\Users\Russell\AppData\Roaming\technic-launcher.jar [2012.12.02 09:22:16 | 000,581,172 | ---- | M] () -- C:\Users\Russell\AppData\Roaming\technic-launcher.jar.bak [2012.12.01 11:18:46 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf [2012.12.01 11:14:31 | 000,001,842 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.12.01 06:49:26 | 003,663,213 | ---- | M] () -- C:\WINDOWS\SysNative\nvcoproc.bin [2012.11.28 20:18:12 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk [2012.11.25 10:38:31 | 000,263,186 | ---- | M] () -- C:\Users\Russell\Desktop\Minecraft.exe [2012.11.21 21:21:10 | 000,001,171 | ---- | M] () -- C:\Users\Public\Desktop\TmNationsForever.lnk [2012.11.19 14:49:00 | 000,281,944 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT [2012.11.19 14:48:43 | 000,013,946 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402000.013\VT20121114.016 [2012.11.17 09:36:21 | 000,001,351 | ---- | M] () -- C:\Users\Russell\Desktop\Steam.lnk [2012.11.17 08:18:15 | 000,001,394 | ---- | M] () -- C:\Users\Russell\Desktop\Gw2.lnk [2012.11.16 20:06:33 | 000,059,392 | ---- | M] (Technic) -- C:\Users\Russell\Desktop\TechnicLauncher.exe [2012.11.16 19:13:38 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf [2012.11.16 18:43:59 | 000,177,312 | ---- | 
M] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS [2012.11.16 18:43:59 | 000,007,466 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.CAT [2012.11.16 18:43:59 | 000,000,855 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.INF [2012.11.16 18:41:09 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf [2012.11.16 17:54:32 | 000,024,768 | ---- | M] () -- C:\WINDOWS\diagwrn.xml [2012.11.16 17:54:32 | 000,024,768 | ---- | M] () -- C:\WINDOWS\diagerr.xml [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.07 17:53:43 | 000,540,743 | ---- | C] () -- C:\Users\Russell\Desktop\adwcleaner.exe [2012.12.07 17:32:50 | 000,030,269 | ---- | C] () -- C:\Users\Russell\Desktop\OTL.zip [2012.12.06 20:55:37 | 000,000,000 | ---- | C] () -- C:\Users\Russell\defogger_reenable [2012.12.06 20:41:29 | 000,050,477 | ---- | C] () -- C:\Users\Russell\Desktop\Defogger.exe [2012.12.06 17:11:14 | 000,001,140 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.12.06 17:11:14 | 000,001,136 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.12.06 16:55:30 | 000,001,584 | ---- | C] () -- C:\Users\Russell\Desktop\iexplore - Verknüpfung.lnk [2012.12.06 15:57:44 | 000,001,276 | ---- | C] () -- C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\www.google.de.lnk [2012.12.06 15:36:40 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\XoftSpySE.job [2012.12.06 13:23:48 | 000,002,510 | ---- | C] () -- C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [2012.12.05 16:37:58 | 000,335,491 | ---- | C] () -- C:\Users\Russell\Desktop\OptiFine_1.4.5_HD_U_D4.zip [2012.12.05 13:28:00 | 000,000,043 | ---- | C] () -- C:\Users\Russell\Desktop\Minecraft.bat [2012.12.04 20:53:10 | 000,002,196 | ---- | C] () -- C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk [2012.12.04 18:20:17 
| 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk [2012.12.04 17:52:57 | 000,001,612 | ---- | C] () -- C:\Users\Russell\Desktop\Open Office 3.lnk [2012.12.01 11:18:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf [2012.12.01 11:14:31 | 000,001,842 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.12.01 11:13:30 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.11.28 20:18:12 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk [2012.11.25 10:38:30 | 000,263,186 | ---- | C] () -- C:\Users\Russell\Desktop\Minecraft.exe [2012.11.21 21:21:09 | 000,001,171 | ---- | C] () -- C:\Users\Public\Desktop\TmNationsForever.lnk [2012.11.19 14:48:53 | 000,281,944 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT [2012.11.19 14:48:43 | 001,902,743 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402000.013\Cat.DB [2012.11.19 14:48:43 | 000,013,946 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402000.013\VT20121114.016 [2012.11.18 09:16:37 | 000,009,670 | R--- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402000.013\symelam64.cat [2012.11.18 09:16:37 | 000,007,611 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402000.013\ccsetx64.cat [2012.11.18 09:16:37 | 000,007,605 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402000.013\srtspx64.cat [2012.11.18 09:16:37 | 000,007,603 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402000.013\symefa64.cat [2012.11.18 09:16:37 | 000,007,601 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402000.013\symnet64.cat [2012.11.18 09:16:37 | 000,007,601 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402000.013\srtsp64.cat [2012.11.18 09:16:37 | 000,007,597 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402000.013\symds64.cat [2012.11.18 09:16:37 | 000,007,593 | ---- | C] () -- 
C:\WINDOWS\SysNative\drivers\NISx64\1402000.013\iron.cat [2012.11.18 09:16:37 | 000,003,433 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402000.013\symefa.inf [2012.11.18 09:16:37 | 000,002,851 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402000.013\symds.inf [2012.11.18 09:16:37 | 000,001,440 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402000.013\symnet.inf [2012.11.18 09:16:37 | 000,001,437 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402000.013\srtsp64.inf [2012.11.18 09:16:37 | 000,001,418 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402000.013\srtspx64.inf [2012.11.18 09:16:37 | 000,000,996 | R--- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402000.013\symelam.inf [2012.11.18 09:16:37 | 000,000,853 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402000.013\ccsetx64.inf [2012.11.18 09:16:37 | 000,000,767 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402000.013\iron.inf [2012.11.18 09:16:26 | 000,009,103 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402000.013\symvtcer.dat [2012.11.18 09:16:26 | 000,000,172 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402000.013\isolate.ini [2012.11.18 08:53:25 | 000,002,143 | R-S- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Choice.lnk [2012.11.17 19:24:09 | 000,361,934 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml [2012.11.17 19:23:49 | 000,110,592 | ---- | C] () -- C:\WINDOWS\SysNative\OEMLicense.dll [2012.11.17 19:23:49 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll [2012.11.17 09:36:21 | 000,001,351 | ---- | C] () -- C:\Users\Russell\Desktop\Steam.lnk [2012.11.17 08:18:15 | 000,001,394 | ---- | C] () -- C:\Users\Russell\Desktop\Gw2.lnk [2012.11.16 20:33:27 | 000,581,172 | ---- | C] () -- C:\Users\Russell\AppData\Roaming\technic-launcher.jar.bak [2012.11.16 20:33:27 | 000,581,168 | ---- | C] () -- C:\Users\Russell\AppData\Roaming\technic-launcher.jar [2012.11.16 19:13:38 | 
000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf [2012.11.16 19:05:44 | 000,007,606 | ---- | C] () -- C:\Users\Russell\AppData\Local\Resmon.ResmonCfg [2012.11.16 18:44:00 | 000,007,466 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.CAT [2012.11.16 18:44:00 | 000,000,855 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.INF [2012.11.16 18:41:09 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf [2012.11.16 18:10:41 | 003,663,213 | ---- | C] () -- C:\WINDOWS\SysNative\nvcoproc.bin [2012.11.16 17:57:26 | 000,001,442 | ---- | C] () -- C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.11.16 17:51:23 | 000,024,768 | ---- | C] () -- C:\WINDOWS\diagwrn.xml [2012.11.16 17:51:23 | 000,024,768 | ---- | C] () -- C:\WINDOWS\diagerr.xml [2012.11.16 17:48:39 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys [2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat [2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT [2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll [2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin [2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll [2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat ========== ZeroAccess Check ========== [2012.11.21 21:21:37 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.10.11 06:45:39 | 019,789,824 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.10.11 06:07:29 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.05 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\.minecraft [2012.12.06 14:49:51 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\.techniclauncher [2012.12.07 13:28:00 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\.terasology [2012.12.06 16:39:28 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\logs [2012.11.30 16:19:08 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\OpenOffice.org [2012.11.28 20:19:50 | 000,000,000 | 
---D | M] -- C:\Users\Russell\AppData\Roaming\Origin [2012.11.16 19:31:11 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Ubisoft ========== Purity Check ========== < End of report > |
Remove www.Startfenster.com
Hi,
Fix with OTL
Code:
:OTL
IE - HKU\S-1-5-21-1164504914-2703794853-1419484539-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startfenster.com/setzen/goto?url=www.google.de
:Commands
[emptytemp]
Does "Startfenster" appear as the start page, or when you open a new tab?
Remove www.Startfenster.com
12072012_200214:
Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-1164504914-2703794853-1419484539-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Russell
->Temp folder emptied: 4219135 bytes
->Temporary Internet Files folder emptied: 105371203 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 345126482 bytes
->Flash cache emptied: 1097 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 214631159 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9826015 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 9216 bytes
Total Files Cleaned = 648,00 mb
OTL by OldTimer - Version log created on 12072012_200214
Files\Folders moved on Reboot...
C:\Users\Russell\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Remove www.Startfenster.com
Hi,
Does "Startfenster" appear as the start page, or when you open a new tab?
Creating a new browser user profile
Please report whether that helped.
Remove www.Startfenster.com
Thank you very much! Yes, that worked! So Google now comes up as the start page again. Does that mean the thing is gone and I don't need to worry anymore, or should I still do something now?
Remove www.Startfenster.com
Hi,
We will run a few more checks. Since you have Windows 8, one of the steps may not work. If that is the case, please let me know.
Step 1 Please download Malwarebytes' Anti-Malware
Step 2 ESET Online Scanner
Step 3 Please download SecurityCheck
Please post with your next reply
Remove www.Startfenster.com
OK, I ran everything. I ran the Malwarebytes' Anti-Malware scan, but I could not find the "Show results" option...
Code:
Malwarebytes Anti-Malware (Test)
www.malwarebytes.org

Datenbank Version: v2012.12.08.03

Windows 7 x64 NTFS
Internet Explorer 9.10.9200.16433
Russell :: RUSS-GAMINGPC [Administrator]

Schutz: Aktiviert

08.12.2012 11:13:19
mbam-log-2012-12-08 (11-13-19).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 223482
Laufzeit: 1 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=
# OnlineScanner.ocx=
# api_version=3.0.2
# EOSSerial=6e13b92fa552214bb8e29691d7275c4d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-08 11:06:03
# local_time=2012-12-08 12:06:03 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=3591 16777213 100 91 670818 117561348 0 0
# compatibility_mode=5893 16776574 100 94 11666336 14470874 0 0
# scanned=152358
# found=0
# cleaned=0
# scan_time=2654

Code:
Results of screen317's Security Check version 0.99.56
x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version
Java 7 Update 9
Adobe Flash Player 11.5.502.110
Google Chrome 23.0.1271.95
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
Hi,

If you have no more problems, then we are done here. Your log files are clean. Finally, we need to take a few closing steps to clean up and secure your PC.

Step 1 Start DeFogger and click Re-enable. Your computer may need to be restarted.
Step 1 Please download delfix to your desktop.
Step 2 Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.

Antivirus software

Additional protection

Safe browsing

Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)

Don'ts

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
#15

All done, it worked great. Thank you very, very, very, very much for the help and the time you gave me. I will take your tips to heart, and once again many, many thanks³
