Log analysis and evaluation: SMTP activity not triggered by the user (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
17.12.2012, 17:24 | #1 |
| SMTP activity not triggered by the user

Hello everyone, I'm not quite sure whether I picked the right place for my post, but I hope so. After you helped me so superbly with the last problem on my parents' laptop, I'd now like to describe my new problem, this time on my own computer:

For a few days now I have been noticing strongly increased latency (ping). This is not permanent; it occurs +/- every 40 minutes (I kept notes) and then stays that way for 6-11 minutes. I noticed it while playing an online game, when I suddenly could no longer move and a connection loss was displayed.

I have already googled quite a bit, consulted Telekom, had the line measured, etc. None of it helped. I left a post in the Telekom forum (Telekom hilft hxxp://feedback.telekom-hilft.de/questions/latenz-ping-in-regelmassigen-abstanden-zu-hoch) because I thought something might be wrong with a server / backbone that I am routed through. After evaluating with "tracert", however, I found that the ping is already very high from the first hop onward, so the cause must lie somewhere in my network (correct me if I'm wrong).

After that I played again as a test and recorded the complete traffic passing through the router, noting at which points in time the outages occurred. I then looked at those time windows in "wireshark" and, lo and behold: SMTP activity. So the suspicion was obvious that I had, inexplicably, caught a trojan. Avast, Kaspersky, MBAM and bitdefender say otherwise, though. None of the programs finds anything. I have copied some tracert data and also the log of the capture. I'm happy to provide them if needed.

In any case I would like to hear your opinion on whether I have caught something or not, and whether I perhaps only need to replace the network card or the like. I certainly can't figure it out on my own ... Many thanks in advance for your efforts!
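Added example, not part of the original thread: one way to check the correlation described in the post above, by grouping SMTP connection attempts from a router capture into bursts per LAN host and comparing them with the outage times noted by hand. The input format (one outbound TCP SYN per line, exported from the capture), all addresses, the outage times and the thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict

SMTP_PORTS = {25, 465, 587}  # SMTP, SMTP over TLS, mail submission

# Constructed sample, not data from the thread. One outbound TCP SYN per line:
# <seconds since capture start> <source IP> <destination IP> <destination port>
SAMPLE_SYNS = """
time src dst dport
10   192.168.2.20 203.0.113.10  443
2410 192.168.2.35 198.51.100.11 25
2450 192.168.2.35 198.51.100.12 25
2500 192.168.2.35 198.51.100.13 25
2600 192.168.2.35 198.51.100.14 25
2700 192.168.2.35 198.51.100.15 25
2900 192.168.2.35 198.51.100.16 25
3600 192.168.2.20 203.0.113.25  587
4810 192.168.2.35 198.51.100.21 25
4900 192.168.2.35 198.51.100.22 25
5000 192.168.2.35 198.51.100.23 25
5200 192.168.2.35 198.51.100.24 25
5390 192.168.2.35 198.51.100.25 25
"""

# Constructed outage windows (start, end) in seconds, as noted while playing.
OUTAGES = [(2400, 2940), (4800, 5400)]


def parse_syns(text):
    """Parse the export into (time, src, dst, port) tuples; skip malformed lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            rows.append((float(parts[0]), parts[1], parts[2], int(parts[3])))
        except ValueError:
            continue  # header line or garbage
    return sorted(rows)


def find_bursts(rows, max_gap=300):
    """Group SMTP SYNs per source host into bursts; a pause longer than
    max_gap seconds starts a new burst."""
    by_src = defaultdict(list)
    for t, src, dst, port in rows:
        if port in SMTP_PORTS:
            by_src[src].append((t, dst))
    bursts = []
    for src, events in by_src.items():
        current = None
        for t, dst in events:  # rows are time-sorted, so events are too
            if current is None or t - current["end"] > max_gap:
                current = {"src": src, "start": t, "end": t,
                           "syns": 0, "dsts": set()}
                bursts.append(current)
            current["end"] = t
            current["syns"] += 1
            current["dsts"].add(dst)
    return sorted(bursts, key=lambda b: b["start"])


def overlaps(burst, outages):
    """True if the burst intersects any noted outage window."""
    return any(burst["start"] <= end and burst["end"] >= start
               for start, end in outages)


def suspects(bursts, outages, min_dsts=3):
    """Heuristic: hosts whose SMTP bursts coincide with an outage and fan out
    to several different mail servers. A mail client normally talks to one
    or two servers, so it stays below min_dsts."""
    hits = set()
    for b in bursts:
        if overlaps(b, outages) and len(b["dsts"]) >= min_dsts:
            hits.add(b["src"])
    return sorted(hits)


if __name__ == "__main__":
    bursts = find_bursts(parse_syns(SAMPLE_SYNS))
    for b in bursts:
        print(f'{b["src"]:15} {b["start"]:6.0f}-{b["end"]:6.0f}s '
              f'syns={b["syns"]} servers={len(b["dsts"])} '
              f'during_outage={overlaps(b, OUTAGES)}')
    print("hosts to examine first:", suspects(bursts, OUTAGES))
```

Because the capture was taken at the router, the source address of each burst shows which device on the LAN to examine; it need not be the PC on which the lag was noticed.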
17.12.2012, 18:38 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | SMTP activity not triggered by the user If you want to have your computer analysed, you are actually in the wrong place in this subforum. Should I move the thread, or are you getting at something else?
17.12.2012, 19:32 | #3 |
| SMTP activity not triggered by the user Hi, feel free to move it. The question for me is whether this is malware at all or perhaps a normal process that simply caught my eye as a layman ... I am probably better off with an analysis after all. So please: go ahead and move it
17.12.2012, 19:54 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | SMTP activity not triggered by the user OK, moved it. Before we get to work, I would like to ask you to read the following points completely and carefully.

Note: If you do not hear from me for three days, please report in this thread => Reminder about my thread. Annoying "when will this continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.

Please run a CustomScan with OTL. If possible, please post everything here in CODE tags. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this:

Code:
the log goes here

Please download OTL by OldTimer and save it to your desktop. If it is already present, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.

Code:
msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

__________________ Please always post log files in CODE tags
17.12.2012, 20:24 | #5 |
| SMTP activity not triggered by the user Hello, here is the OTL.txt:
ConsentPromptBehaviorUser = 3 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2748BC59-DAB4-45B7-91A0-F7A04EE3144E}: DhcpNameServer = 192.168.2.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - 
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard 
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: 
{4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: 
{4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: 
Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 
12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" 
"C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} 
- C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll () Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.12.17 16:18:59 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\Malwarebytes [2012.12.17 16:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.17 16:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.17 16:18:48 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.16 21:56:18 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\Google [2012.12.16 21:55:47 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2012.12.16 21:55:47 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2012.12.16 21:55:47 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2012.12.16 21:55:47 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2012.12.16 21:55:47 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2012.12.16 21:55:47 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2012.12.16 21:55:47 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2012.12.16 21:55:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\avast! Free Antivirus [2012.12.16 21:55:39 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2012.12.16 21:55:39 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2012.12.16 21:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012.12.16 21:55:32 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012.12.16 17:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012.12.16 17:15:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2012.12.14 16:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap [2012.12.14 16:49:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap [2012.12.07 14:55:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDUSA NX [2012.12.07 14:55:54 | 008,151,040 | ---- | C] (C-Media Corporation) -- C:\Windows\SysWow64\CM106.dll [2012.12.07 14:55:49 | 000,200,704 | ---- | C] (C-Media) -- C:\Windows\SysWow64\cmpa106.dll [2012.12.07 14:55:46 | 001,307,648 | ---- | C] (C-Media Electronics Inc) -- C:\Windows\SysNative\drivers\CM10664.sys [2012.12.07 14:55:46 | 000,315,392 | ---- | C] (C-Media Electronics Inc.) 
-- C:\Windows\System\fltr106.dll [2012.12.04 17:03:51 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA Precision [2012.12.04 16:51:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2012.12.03 20:42:09 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3 [2012.12.03 20:40:25 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\PunkBuster [2012.12.03 16:12:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2012.12.03 15:49:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2012.12.02 20:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012.11.27 13:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.11.21 20:18:34 | 000,000,000 | ---D | C] -- C:\temp [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.17 19:51:00 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2006095363-1618975956-3749406713-1000UA.job [2012.12.17 19:46:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.17 16:20:12 | 000,000,803 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.17 15:51:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2006095363-1618975956-3749406713-1000Core.job [2012.12.17 14:45:54 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.12.17 14:45:54 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.12.17 14:44:22 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.12.17 10:33:40 | 000,016,048 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.17 10:33:40 | 000,016,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.17 10:30:44 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.17 10:30:44 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.17 10:30:44 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.17 10:30:44 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.17 10:30:44 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.17 10:26:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.17 10:26:31 | 2133,852,159 | -HS- | M] () -- C:\hiberfil.sys [2012.12.16 21:55:47 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012.12.16 21:55:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012.12.16 21:04:43 | 583,264,448 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.12.14 16:47:54 | 000,001,156 | ---- | M] () -- C:\Users\ADMIN\Desktop\Splashtop Connect aktivieren.lnk [2012.12.14 10:21:42 | 000,294,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.07 14:55:57 | 000,001,782 | ---- | M] () -- C:\Users\ADMIN\Desktop\MEDUSA NX USB 5.1 Gaming Headset.lnk [2012.12.07 14:55:57 | 000,000,604 | ---- | M] () -- C:\Windows\Cm106.ini.cfl [2012.12.07 14:55:49 | 000,000,133 | ---- | M] () -- C:\Windows\System\Dlap.pfx [2012.12.07 14:55:48 | 000,001,085 | ---- | M] () -- C:\Windows\Cm106.ini.imi [2012.12.07 14:55:43 | 000,001,034 | ---- | M] () -- C:\Windows\System\Cm106.ini [2012.12.04 17:03:51 | 000,000,774 | ---- | M] () -- C:\Users\ADMIN\Desktop\EVGA Precision.lnk [2012.12.03 21:39:43 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.12.03 20:42:09 | 000,001,124 | ---- | M] () -- 
C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk [2012.12.03 16:47:14 | 000,014,446 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2012.12.03 16:12:39 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2012.12.01 06:49:26 | 003,663,213 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.17 16:18:49 | 000,000,803 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.16 21:55:47 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012.12.16 21:55:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2012.12.15 21:21:17 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.14 16:48:57 | 000,000,649 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk [2012.12.13 12:29:54 | 583,264,448 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.12.07 14:55:57 | 000,001,782 | ---- | C] () -- C:\Users\ADMIN\Desktop\MEDUSA NX USB 5.1 Gaming Headset.lnk [2012.12.07 14:55:56 | 000,491,520 | ---- | C] () -- C:\Windows\System\cmau106.dll [2012.12.07 14:55:56 | 000,221,184 | ---- | C] () -- C:\Windows\System\cm106eye.exe [2012.12.07 14:55:56 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix106.dll [2012.12.07 14:55:56 | 000,013,782 | ---- | C] () -- C:\Windows\logoSPLK.bmp [2012.12.07 14:55:55 | 000,389,120 | ---- | C] () -- C:\Windows\SysNative\CM106.cpl [2012.12.07 14:55:49 | 000,000,604 | ---- | C] () -- C:\Windows\Cm106.ini.cfl [2012.12.07 14:55:48 | 000,804,352 | ---- | C] () -- C:\Windows\SysNative\Cmeau106.exe [2012.12.07 14:55:48 | 000,000,133 | ---- | C] () -- C:\Windows\System\Dlap.pfx [2012.12.07 14:55:43 | 000,359,424 | ---- | C] () -- C:\Windows\SysNative\CmiInstallResAll64.dll [2012.12.07 14:55:43 | 000,003,059 | 
---- | C] () -- C:\Windows\Cm106.ini.cfg [2012.12.07 14:55:43 | 000,001,085 | ---- | C] () -- C:\Windows\Cm106.ini.imi [2012.12.04 17:03:51 | 000,000,774 | ---- | C] () -- C:\Users\ADMIN\Desktop\EVGA Precision.lnk [2012.12.03 21:30:33 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.12.03 21:30:33 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.12.03 21:30:32 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.12.03 20:42:09 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk [2012.12.03 16:12:39 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2012.12.03 16:12:39 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2012.07.06 20:21:45 | 000,245,316 | ---- | C] () -- C:\Windows\hpoins19.dat [2012.07.06 20:21:45 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat [2012.05.20 15:33:58 | 000,245,485 | ---- | C] () -- C:\Windows\hpoins19.dat.temp [2012.05.20 15:28:21 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp [2011.10.17 17:59:58 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini [2011.10.17 17:59:58 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini [2011.10.17 17:59:58 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini [2011.10.17 17:59:48 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2011.10.17 17:59:48 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2011.03.31 04:37:10 | 000,000,964 | ---- | C] () -- C:\Windows\cm106.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.06.28 12:06:21 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\Splashtop [2012.02.22 19:58:22 | 000,000,000 | ---D | M] -- C:\Users\Kerstin Wedel\AppData\Roaming\OpenOffice.org [2011.11.01 18:28:22 | 000,000,000 | ---D | M] -- C:\Users\Kerstin Wedel\AppData\Roaming\Splashtop [2011.11.01 18:30:40 | 000,000,000 | ---D | M] -- C:\Users\Kerstin Wedel\AppData\Roaming\Thunderbird [2011.12.07 
20:12:09 | 000,000,000 | ---D | M] -- C:\Users\Ralf Wedel\AppData\Roaming\Babylon [2011.10.17 17:31:26 | 000,000,000 | ---D | M] -- C:\Users\Ralf Wedel\AppData\Roaming\DeviceVm [2012.01.29 01:30:10 | 000,000,000 | ---D | M] -- C:\Users\Ralf Wedel\AppData\Roaming\OpenOffice.org [2012.11.30 15:54:14 | 000,000,000 | ---D | M] -- C:\Users\Ralf Wedel\AppData\Roaming\Origin [2012.12.17 10:52:42 | 000,000,000 | ---D | M] -- C:\Users\Ralf Wedel\AppData\Roaming\QuickScan [2011.10.17 17:41:41 | 000,000,000 | ---D | M] -- C:\Users\Ralf Wedel\AppData\Roaming\Splashtop [2011.10.23 12:33:43 | 000,000,000 | ---D | M] -- C:\Users\Ralf Wedel\AppData\Roaming\Thunderbird [2012.03.12 22:39:53 | 000,000,000 | ---D | M] -- C:\Users\Ralf Wedel\AppData\Roaming\TS3Client [2012.12.15 14:22:26 | 000,000,000 | ---D | M] -- C:\Users\Ralf Wedel\AppData\Roaming\Wireshark ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.06.28 12:06:10 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.12.16 21:55:46 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.10.17 17:49:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.10.17 17:53:45 | 000,000,000 | ---D | M] -- C:\Intel [2012.11.21 08:48:21 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.12.16 21:55:32 | 000,000,000 | R--D | M] -- C:\Program Files [2012.12.16 21:59:07 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.12.17 16:18:49 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.10.17 17:49:38 | 000,000,000 | -HSD | M] -- C:\Programme [2011.10.17 17:49:38 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.12.17 20:13:51 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.11.21 20:18:34 | 000,000,000 | ---D | M] -- C:\temp [2012.06.28 12:06:09 | 000,000,000 | R--D | M] -- C:\Users [2012.12.16 21:55:39 | 000,000,000 | ---D | M] -- C:\Windows 
< %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.07.06 20:34:33 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\Adobe [2012.07.07 12:04:22 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\HP [2012.07.06 20:36:59 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\HpUpdate [2012.06.28 12:06:11 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\Identities [2012.07.06 20:34:42 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\Macromedia [2012.12.17 16:18:59 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\Malwarebytes [2009.07.14 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\Media Center Programs [2012.12.03 15:53:01 | 000,000,000 | --SD | M] -- C:\Users\ADMIN\AppData\Roaming\Microsoft [2012.06.28 12:06:21 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\Splashtop [2012.07.06 20:34:10 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\Yahoo! < %APPDATA%\*.exe /s > < %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles > < %SYSTEMROOT%\System32\config\*.sav > < %SYSTEMROOT%\*. /mp /s > < %SYSTEMROOT%\system32\*.dll /lockedfiles > [2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < End of report > Code:
ATTFilter OTL Extras logfile created on: 17.12.2012 20:12:55 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ralf Wedel\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 5,67 Gb Available Physical Memory | 71,07% Memory free 15,96 Gb Paging File | 13,83 Gb Available in Paging File | 86,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 55,80 Gb Total Space | 0,72 Gb Free Space | 1,29% Space Free | Partition Type: NTFS Drive D: | 449,09 Gb Total Space | 435,01 Gb Free Space | 96,87% Space Free | Partition Type: NTFS Drive E: | 482,42 Gb Total Space | 304,08 Gb Free Space | 63,03% Space Free | Partition Type: NTFS Computer Name: RALFWEDEL-PC | User Name: ADMIN | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07BBDB49-11C1-4D3D-AE75-3853C8F75ABB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{0A17FB93-5A02-4154-B416-1AF8572FAE30}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{0E5E35F4-2098-47CC-8C32-D0F59FB3B2D5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{0F16A7A0-E58E-4ECE-87B6-8227C033808B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{14098F68-0F63-43DD-87C7-D330391E4821}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{1671F303-9596-4B71-B2ED-6693138FA307}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{226D4BF4-D354-4BC0-A9DD-7E8DF360BE41}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{3087CE7D-69AF-4BA9-A379-E450A5C782DB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | "{3C1F51D4-34E3-4F8E-82D2-30E114233F0A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{47A801AD-C19A-455C-BB89-DF507FCC535D}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{4BEF22B3-9008-4E76-AC2D-14B0BF0C93AD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | "{50E0BCB4-E326-4FE7-B2AB-174A3CA10638}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{5133E067-D461-4BB1-995D-A27265990E56}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{5C779E04-7DC3-44AD-A440-C50799C2FE70}" = protocol=6 | dir=in | app=c:\users\kerstin wedel\appdata\local\temp\7zs36e6\hppiw.exe | "{63A45FD1-7FF5-4FCF-A885-C1053737D767}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{67041AF1-7FAF-4492-8BBB-ADA434D982F9}" = dir=in | 
app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{6A24727A-01AE-4FFB-977F-C46C818A2D68}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{7DF60815-837A-4557-B71C-145533F9F029}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{829221A4-86A4-46C2-869E-DD85ADB89EDD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{85D7079F-D062-43F0-A203-2B5B6CDF25BA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{99EC12B1-7284-4579-BC93-7FFD62AC9C63}" = protocol=17 | dir=in | app=c:\users\kerstin wedel\appdata\local\temp\7zs39d2\hppiw.exe | "{9E6969F3-DEA1-44FF-96F1-5EA3584BABAB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{B2919292-77CA-426C-B302-2C04D85EE3A9}" = protocol=17 | dir=in | app=c:\users\kerstin wedel\appdata\local\temp\7zs36e6\hppiw.exe | "{B36BECCB-BD84-4DA1-9219-A0FA5A3EC9A9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{C22DC5DA-7A9E-4287-BA1F-343494412405}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | "{C874B801-31D0-42B0-B990-1F24EA18EAB4}" = protocol=6 | dir=in | app=c:\users\kerstin wedel\appdata\local\temp\7zs39d2\hppiw.exe | "{CEF19EA1-53AF-40D4-8275-A422DC0A7ADA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | "{D70CCFA4-08BB-4793-A233-2AA5DDAE8587}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | "{D76751F9-1BB0-4F97-8F1C-F34BE60E4297}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{E0130FAD-E717-4526-94F9-BB6CBC2E122C}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{E3137623-98F5-4DC7-BD86-4EE7FB5D4693}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{E42A8F36-EC34-4B28-8C04-F64DA0F2261C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{E452BA73-3ED5-4F57-874F-8A2933DD5B87}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{E9E37C7D-9EF0-4DAD-8CC4-181856BD1A10}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{F192D1AF-9CBA-4DCC-9652-417C567C1757}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{F8B5F3D1-FB0C-4646-8D64-375D21097070}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "TCP Query User{9CB1B32D-72BF-4774-9E7B-D1A94E653C78}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "TCP Query User{F853E47C-F808-485A-8526-49B65EC7E14E}C:\users\ralf wedel\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\ralf wedel\appdata\local\google\chrome\application\chrome.exe | "TCP Query User{FE5B127F-45FF-4C24-8BEE-7729C77CF5DA}D:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=d:\program files (x86)\xfire\xfire.exe | "UDP Query User{9339C68B-44DF-43FF-8965-1C7D26E92356}D:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=d:\program files (x86)\xfire\xfire.exe | "UDP Query User{9E74E796-3C4C-4DC2-AD74-1C8D7C4596CC}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "UDP Query User{A7D2583B-C320-48C6-851D-8A3502FC7032}C:\users\ralf wedel\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\ralf wedel\appdata\local\google\chrome\application\chrome.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.70 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.70 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.70 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.70 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "ASRock App Charger_is1" = ASRock App Charger v1.0.4 "C-Media CM106 Like Sound Driver" = MEDUSA NX USB 5.1 Gaming Headset "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 
13.0 "Shop for HP Supplies" = Shop for HP Supplies [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{09F25F86-F957-4051-8AB2-0E0D948BBB5D}" = 1310 "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6D4553DF-2095-4D10-92C0-17934733B51D}" = 1310_Help "{6D7E031C-4C05-4265-854A-FE9FDEA9984D}" = 1310Trb "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = 
Acrobat.com "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB "{F9F5EF72-18CF-4DCF-A721-EC86B94DAC46}" = Splashtop Connect IE "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.54 "ASRock InstantBoot_is1" = ASRock InstantBoot v1.26 "avast" = avast! 
Free Antivirus "Battlelog Web Plugins" = Battlelog Web Plugins "DealPly" = DealPly "ESN Sonar-0.70.4" = ESN Sonar "InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de) "Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0) "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Origin" = Origin "Precision" = EVGA Precision 2.1.2 "PunkBusterSvc" = PunkBuster Services "SystemRequirementsLab" = System Requirements Lab "WinPcapInst" = WinPcap 4.1.2 "Wireshark" = Wireshark 1.8.4 (64-bit) "XFastUsb" = XFastUsb ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2006095363-1618975956-3749406713-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.12.2012 10:58:43 | Computer Name = RalfWedel-PC | Source = MsiInstaller | ID = 11601 Description = Error - 03.12.2012 10:58:44 | Computer Name = RalfWedel-PC | Source = MsiInstaller | ID = 11601 Description = Error - 04.12.2012 08:02:48 | Computer Name = RalfWedel-PC | Source = Application Hang | ID = 1002 Description = Programm bf3.exe, Version 1.5.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1360 Startzeit: 01cdd216564f5752 Endzeit: 304 Anwendungspfad: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe Berichts-ID: Error - 10.12.2012 06:28:44 | Computer Name = RalfWedel-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.5.0.0, Zeitstempel: 0x508b5457 Name des fehlerhaften Moduls: nvwgf2um.dll, Version: 9.18.13.1070, Zeitstempel: 0x50b9768b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00008521 ID des fehlerhaften Prozesses: 0x102c Startzeit der fehlerhaften Anwendung: 0x01cdd6bed275e24b Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\nvwgf2um.dll Berichtskennung: 5f206391-42b4-11e2-bf8a-002522cc5fb3 Error - 13.12.2012 09:45:35 | Computer Name = RalfWedel-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.5.0.0, Zeitstempel: 0x508b5457 Name des fehlerhaften Moduls: nvwgf2um.dll, Version: 9.18.13.1070, Zeitstempel: 0x50b9768b Ausnahmecode: 0xc0000005 Fehleroffset: 0x001f05af ID des fehlerhaften Prozesses: 0xe90 Startzeit der fehlerhaften Anwendung: 0x01cdd935e27ed4dd Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\nvwgf2um.dll Berichtskennung: 5e41b245-452b-11e2-a314-002522cc5fb3 Error - 13.12.2012 10:49:37 | Computer Name = RalfWedel-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.5.0.0, Zeitstempel: 0x508b5457 Name des fehlerhaften Moduls: nvwgf2um.dll, Version: 9.18.13.1070, Zeitstempel: 0x50b9768b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00103a7d ID des fehlerhaften Prozesses: 0xe74 Startzeit der fehlerhaften Anwendung: 0x01cdd93b9aa7206d Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe Pfad des fehlerhaften Moduls: 
C:\Windows\system32\nvwgf2um.dll Berichtskennung: 503efe3b-4534-11e2-a314-002522cc5fb3 Error - 15.12.2012 16:33:49 | Computer Name = RalfWedel-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.5.0.0, Zeitstempel: 0x508b5457 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x1340 Startzeit der fehlerhaften Anwendung: 0x01cddb01b660692c Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: baa573a2-46f6-11e2-b318-002522cc5fb3 Error - 16.12.2012 17:42:51 | Computer Name = RalfWedel-PC | Source = Application Hang | ID = 1002 Description = Programm bf3.exe, Version 1.5.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1180 Startzeit: 01cddbd608b36af6 Endzeit: 29 Anwendungspfad: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe Berichts-ID: Error - 16.12.2012 17:45:54 | Computer Name = RalfWedel-PC | Source = Application Hang | ID = 1002 Description = Programm bf3.exe, Version 1.5.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: dbc Startzeit: 01cddbd66bccfb2f Endzeit: 22 Anwendungspfad: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe Berichts-ID: Error - 17.12.2012 06:57:25 | Computer Name = RalfWedel-PC | Source = Application Hang | ID = 1002 Description = Programm bf3.exe, Version 1.5.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 88c Startzeit: 01cddc44d6fef626 Endzeit: 23 Anwendungspfad: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe Berichts-ID: [ System Events ] Error - 12.12.2012 06:10:00 | Computer Name = RalfWedel-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 13.12.2012 07:29:55 | Computer Name = RalfWedel-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?13.?12.?2012 um 12:28:50 unerwartet heruntergefahren. Error - 13.12.2012 07:30:10 | Computer Name = RalfWedel-PC | Source = BugCheck | ID = 1001 Description = Error - 13.12.2012 07:31:15 | Computer Name = RalfWedel-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 15.12.2012 15:01:53 | Computer Name = RalfWedel-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 16.12.2012 14:00:07 | Computer Name = RalfWedel-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 16.12.2012 16:04:45 | Computer Name = RalfWedel-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?16.?12.?2012 um 21:02:59 unerwartet heruntergefahren. 
Error - 16.12.2012 16:04:51 | Computer Name = RalfWedel-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 16.12.2012 16:04:54 | Computer Name = RalfWedel-PC | Source = BugCheck | ID = 1001 Description = Error - 16.12.2012 17:43:29 | Computer Name = RalfWedel-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. < End of report > Wer will schon was damit |
17.12.2012, 20:38 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | SMTP activity not triggered by the user
Code:
64bit- Professional Service Pack 1
Is that by any chance an office/company PC? Or a university computer?
__________________
17.12.2012, 20:43 | #7 |
| SMTP activity not triggered by the user
Hi, no, it's my private computer. I have the Pro version because the seller had it left over cheaply. |
17.12.2012, 23:06 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | SMTP activity not triggered by the user
1. aswMBR
Please download aswMBR.exe and save the file to your desktop.
Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
Another note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
2. TDSS-Killer
Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!
Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:), because that is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
__________________ Please always post log files in CODE tags |
18.12.2012, 10:32 | #9 |
| SMTP activity not triggered by the user
Re 1.) No definitions were loaded, nor was I asked whether anything should be loaded. I ran the scan anyway: Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-18 10:24:20
-----------------------------
10:24:20.797 OS Version: Windows x64 6.1.7601 Service Pack 1
10:24:20.797 Number of processors: 8 586 0x2A07
10:24:20.798 ComputerName: RALFWEDEL-PC UserName: ADMIN
10:24:20.931 Initialize success
10:24:20.975 AVAST engine defs: 12121702
10:25:18.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:25:18.800 Disk 0 Vendor: OCZ-AGILITY3 2.13 Size: 57241MB BusType: 3
10:25:18.808 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
10:25:18.812 Disk 1 Vendor: SAMSUNG_HD103UJ 1AA01113 Size: 953869MB BusType: 3
10:25:18.826 Disk 0 MBR read successfully
10:25:18.830 Disk 0 MBR scan
10:25:18.833 Disk 0 Windows 7 default MBR code
10:25:18.837 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:25:18.841 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 57139 MB offset 206848
10:25:18.847 Disk 0 scanning C:\Windows\system32\drivers
10:25:20.182 Service scanning
10:25:23.201 Modules scanning
10:25:23.210 Disk 0 trace - called modules:
10:25:23.218 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
10:25:23.225 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007239790]
10:25:23.230 3 CLASSPNP.SYS[fffff8800197943f] -> nt!IofCallDriver -> [0xfffffa8007042520]
10:25:23.235 5 ACPI.sys[fffff88000f0f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007003060]
10:25:23.376 AVAST engine scan C:\Windows
10:25:23.674 AVAST engine scan C:\Windows\system32
10:25:44.725 AVAST engine scan C:\Windows\system32\drivers
10:25:46.098 AVAST engine scan C:\Users\ADMIN
10:25:51.716 AVAST engine scan C:\ProgramData
10:25:56.098 Scan finished successfully
10:26:15.068 Disk 0 MBR has been saved successfully to "C:\Users\Ralf Wedel\Desktop\MBR.dat"
10:26:15.071 The log file has been saved successfully to "C:\Users\Ralf Wedel\Desktop\aswMBR.txt"
Re 2.) Code:
10:26:53.0809 4744 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:26:54.0029 4744 ============================================================
10:26:54.0029 4744 Current date / time: 2012/12/18 10:26:54.0029
10:26:54.0029 4744 SystemInfo:
10:26:54.0029 4744
10:26:54.0029 4744 OS Version: 6.1.7601 ServicePack: 1.0
10:26:54.0029 4744 Product type: Workstation
10:26:54.0029 4744 ComputerName: RALFWEDEL-PC
10:26:54.0030 4744 UserName: ADMIN
10:26:54.0030 4744 Windows directory: C:\Windows
10:26:54.0030 4744 System windows directory: C:\Windows
10:26:54.0030 4744 Running under WOW64
10:26:54.0030 4744 Processor architecture: Intel x64
10:26:54.0030 4744 Number of processors: 8
10:26:54.0030 4744 Page size: 0x1000
10:26:54.0030 4744 Boot type: Normal boot
10:26:54.0030 4744 ============================================================
10:26:54.0177 4744 Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:26:54.0186 4744 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:26:54.0199 4744 ============================================================
10:26:54.0199 4744 \Device\Harddisk0\DR0:
10:26:54.0199 4744 MBR partitions:
10:26:54.0199 4744 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:26:54.0199 4744 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F99800
10:26:54.0199 4744 \Device\Harddisk1\DR1:
10:26:54.0199 4744 MBR partitions:
10:26:54.0199 4744 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3822E000
10:26:54.0199 4744 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x3822E800, BlocksNum 0x3C4D7800
10:26:54.0199 4744 ============================================================
10:26:54.0200 4744 C: <-> \Device\Harddisk0\DR0\Partition2
10:26:54.0225 4744 D: <-> \Device\Harddisk1\DR1\Partition1
10:26:54.0256 4744 E: <-> \Device\Harddisk1\DR1\Partition2
10:26:54.0256 4744 ============================================================
10:26:54.0256 4744 Initialize success
10:26:54.0256 4744 ============================================================
10:27:11.0562 1324 ============================================================
10:27:11.0562 1324 Scan started
10:27:11.0562 1324 Mode: Manual;
10:27:11.0562 1324 ============================================================
10:27:11.0691 1324 ================ Scan system memory ========================
10:27:11.0691 1324 System memory - ok
C:\Windows\system32\lsass.exe 10:27:14.0050 1324 ProtectedStorage - ok 10:27:14.0055 1324 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 10:27:14.0057 1324 Psched - ok 10:27:14.0085 1324 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 10:27:14.0107 1324 ql2300 - ok 10:27:14.0111 1324 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 10:27:14.0113 1324 ql40xx - ok 10:27:14.0118 1324 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 10:27:14.0123 1324 QWAVE - ok 10:27:14.0126 1324 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 10:27:14.0126 1324 QWAVEdrv - ok 10:27:14.0128 1324 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 10:27:14.0128 1324 RasAcd - ok 10:27:14.0132 1324 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 10:27:14.0132 1324 RasAgileVpn - ok 10:27:14.0136 1324 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 10:27:14.0138 1324 RasAuto - ok 10:27:14.0143 1324 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 10:27:14.0145 1324 Rasl2tp - ok 10:27:14.0150 1324 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 10:27:14.0155 1324 RasMan - ok 10:27:14.0158 1324 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 10:27:14.0160 1324 RasPppoe - ok 10:27:14.0162 1324 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 10:27:14.0163 1324 RasSstp - ok 10:27:14.0170 1324 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 10:27:14.0173 1324 rdbss - ok 10:27:14.0176 1324 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 10:27:14.0176 1324 rdpbus - ok 10:27:14.0178 1324 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD 
C:\Windows\system32\DRIVERS\RDPCDD.sys 10:27:14.0178 1324 RDPCDD - ok 10:27:14.0185 1324 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 10:27:14.0186 1324 RDPDR - ok 10:27:14.0188 1324 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 10:27:14.0188 1324 RDPENCDD - ok 10:27:14.0192 1324 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 10:27:14.0192 1324 RDPREFMP - ok 10:27:14.0196 1324 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 10:27:14.0197 1324 RDPWD - ok 10:27:14.0201 1324 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 10:27:14.0203 1324 rdyboost - ok 10:27:14.0206 1324 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 10:27:14.0207 1324 RemoteAccess - ok 10:27:14.0211 1324 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 10:27:14.0213 1324 RemoteRegistry - ok 10:27:14.0217 1324 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe 10:27:14.0218 1324 rpcapd - ok 10:27:14.0221 1324 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 10:27:14.0222 1324 RpcEptMapper - ok 10:27:14.0225 1324 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 10:27:14.0226 1324 RpcLocator - ok 10:27:14.0233 1324 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 10:27:14.0236 1324 RpcSs - ok 10:27:14.0242 1324 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 10:27:14.0242 1324 rspndr - ok 10:27:14.0250 1324 [ 515C75D77C64909690C18C08EF3FC310 ] RTCore64 D:\Program Files (x86)\EVGA Precision\RTCore64.sys 10:27:14.0250 1324 RTCore64 - ok 10:27:14.0257 1324 [ 4B42BC58294E83A6A92EC8B88C14C4A3 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 10:27:14.0260 1324 RTL8167 - ok 10:27:14.0263 1324 [ 
E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 10:27:14.0265 1324 s3cap - ok 10:27:14.0268 1324 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 10:27:14.0271 1324 SamSs - ok 10:27:14.0275 1324 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 10:27:14.0277 1324 sbp2port - ok 10:27:14.0283 1324 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 10:27:14.0288 1324 SCardSvr - ok 10:27:14.0300 1324 [ 8475E746EB72D04F1015E6F091F50E09 ] SCBackService C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe 10:27:14.0305 1324 SCBackService - ok 10:27:14.0310 1324 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 10:27:14.0311 1324 scfilter - ok 10:27:14.0327 1324 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 10:27:14.0342 1324 Schedule - ok 10:27:14.0346 1324 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 10:27:14.0347 1324 SCPolicySvc - ok 10:27:14.0352 1324 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 10:27:14.0358 1324 SDRSVC - ok 10:27:14.0362 1324 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 10:27:14.0363 1324 secdrv - ok 10:27:14.0367 1324 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 10:27:14.0371 1324 seclogon - ok 10:27:14.0376 1324 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 10:27:14.0380 1324 SENS - ok 10:27:14.0383 1324 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 10:27:14.0388 1324 SensrSvc - ok 10:27:14.0392 1324 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 10:27:14.0392 1324 Serenum - ok 10:27:14.0398 1324 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 10:27:14.0400 1324 Serial - ok 
10:27:14.0403 1324 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 10:27:14.0405 1324 sermouse - ok 10:27:14.0411 1324 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 10:27:14.0413 1324 SessionEnv - ok 10:27:14.0416 1324 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 10:27:14.0416 1324 sffdisk - ok 10:27:14.0418 1324 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 10:27:14.0418 1324 sffp_mmc - ok 10:27:14.0420 1324 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 10:27:14.0421 1324 sffp_sd - ok 10:27:14.0422 1324 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 10:27:14.0423 1324 sfloppy - ok 10:27:14.0428 1324 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 10:27:14.0432 1324 SharedAccess - ok 10:27:14.0438 1324 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 10:27:14.0442 1324 ShellHWDetection - ok 10:27:14.0445 1324 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 10:27:14.0446 1324 SiSRaid2 - ok 10:27:14.0448 1324 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 10:27:14.0448 1324 SiSRaid4 - ok 10:27:14.0450 1324 SmartViewService - ok 10:27:14.0455 1324 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 10:27:14.0455 1324 Smb - ok 10:27:14.0458 1324 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 10:27:14.0460 1324 SNMPTRAP - ok 10:27:14.0463 1324 [ FFC5F7ED77AA59AA0A6B70F3D7A22A93 ] Sound Blaster X-Fi MB Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe 10:27:14.0463 1324 Sound Blaster X-Fi MB Licensing Service - ok 10:27:14.0466 1324 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr 
C:\Windows\system32\drivers\spldr.sys 10:27:14.0466 1324 spldr - ok 10:27:14.0473 1324 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe 10:27:14.0481 1324 Spooler - ok 10:27:14.0525 1324 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 10:27:14.0580 1324 sppsvc - ok 10:27:14.0586 1324 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 10:27:14.0591 1324 sppuinotify - ok 10:27:14.0601 1324 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 10:27:14.0607 1324 srv - ok 10:27:14.0617 1324 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 10:27:14.0625 1324 srv2 - ok 10:27:14.0631 1324 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 10:27:14.0633 1324 srvnet - ok 10:27:14.0640 1324 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 10:27:14.0646 1324 SSDPSRV - ok 10:27:14.0650 1324 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 10:27:14.0655 1324 SstpSvc - ok 10:27:14.0663 1324 [ 0632004181860960CF6E10DE8DDEF78B ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 10:27:14.0667 1324 Stereo Service - ok 10:27:14.0672 1324 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 10:27:14.0672 1324 stexstor - ok 10:27:14.0683 1324 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 10:27:14.0691 1324 stisvc - ok 10:27:14.0695 1324 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 10:27:14.0695 1324 storflt - ok 10:27:14.0697 1324 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 10:27:14.0700 1324 StorSvc - ok 10:27:14.0702 1324 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 10:27:14.0702 1324 storvsc - ok 10:27:14.0705 1324 [ D01EC09B6711A5F8E7E6564A4D0FBC90 
] swenum C:\Windows\system32\drivers\swenum.sys 10:27:14.0706 1324 swenum - ok 10:27:14.0713 1324 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 10:27:14.0722 1324 swprv - ok 10:27:14.0740 1324 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 10:27:14.0755 1324 SysMain - ok 10:27:14.0758 1324 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 10:27:14.0762 1324 TabletInputService - ok 10:27:14.0767 1324 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 10:27:14.0772 1324 TapiSrv - ok 10:27:14.0775 1324 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 10:27:14.0777 1324 TBS - ok 10:27:14.0795 1324 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 10:27:14.0817 1324 Tcpip - ok 10:27:14.0838 1324 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 10:27:14.0847 1324 TCPIP6 - ok 10:27:14.0852 1324 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 10:27:14.0853 1324 tcpipreg - ok 10:27:14.0857 1324 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 10:27:14.0857 1324 TDPIPE - ok 10:27:14.0859 1324 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 10:27:14.0859 1324 TDTCP - ok 10:27:14.0863 1324 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 10:27:14.0863 1324 tdx - ok 10:27:14.0866 1324 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 10:27:14.0866 1324 TermDD - ok 10:27:14.0874 1324 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 10:27:14.0882 1324 TermService - ok 10:27:14.0884 1324 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 10:27:14.0887 1324 Themes - ok 10:27:14.0890 1324 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER 
C:\Windows\system32\mmcss.dll 10:27:14.0891 1324 THREADORDER - ok 10:27:14.0894 1324 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 10:27:14.0896 1324 TrkWks - ok 10:27:14.0900 1324 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 10:27:14.0902 1324 TrustedInstaller - ok 10:27:14.0905 1324 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 10:27:14.0905 1324 tssecsrv - ok 10:27:14.0908 1324 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 10:27:14.0908 1324 TsUsbFlt - ok 10:27:14.0911 1324 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 10:27:14.0912 1324 tunnel - ok 10:27:14.0915 1324 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 10:27:14.0916 1324 uagp35 - ok 10:27:14.0921 1324 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 10:27:14.0924 1324 udfs - ok 10:27:14.0928 1324 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 10:27:14.0930 1324 UI0Detect - ok 10:27:14.0933 1324 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 10:27:14.0934 1324 uliagpkx - ok 10:27:14.0936 1324 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 10:27:14.0936 1324 umbus - ok 10:27:14.0939 1324 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 10:27:14.0939 1324 UmPass - ok 10:27:14.0944 1324 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 10:27:14.0947 1324 UmRdpService - ok 10:27:14.0953 1324 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 10:27:14.0958 1324 upnphost - ok 10:27:14.0962 1324 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 10:27:14.0963 1324 usbaudio - ok 10:27:14.0966 1324 [ 
481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 10:27:14.0967 1324 usbccgp - ok 10:27:14.0970 1324 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 10:27:14.0970 1324 usbcir - ok 10:27:14.0973 1324 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\drivers\usbehci.sys 10:27:14.0973 1324 usbehci - ok 10:27:14.0979 1324 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\drivers\usbhub.sys 10:27:14.0981 1324 usbhub - ok 10:27:14.0994 1324 [ F9B3054339A71F16430F6585EBC8BE96 ] USBMULCD C:\Windows\system32\drivers\CM10664.sys 10:27:15.0003 1324 USBMULCD - ok 10:27:15.0006 1324 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys 10:27:15.0006 1324 usbohci - ok 10:27:15.0008 1324 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 10:27:15.0009 1324 usbprint - ok 10:27:15.0011 1324 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 10:27:15.0012 1324 usbscan - ok 10:27:15.0015 1324 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 10:27:15.0015 1324 USBSTOR - ok 10:27:15.0017 1324 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 10:27:15.0018 1324 usbuhci - ok 10:27:15.0020 1324 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 10:27:15.0022 1324 UxSms - ok 10:27:15.0024 1324 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 10:27:15.0025 1324 VaultSvc - ok 10:27:15.0027 1324 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 10:27:15.0027 1324 vdrvroot - ok 10:27:15.0034 1324 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 10:27:15.0041 1324 vds - ok 10:27:15.0043 1324 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 10:27:15.0044 1324 vga - ok 10:27:15.0046 1324 [ 
53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 10:27:15.0046 1324 VgaSave - ok 10:27:15.0050 1324 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 10:27:15.0052 1324 vhdmp - ok 10:27:15.0054 1324 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 10:27:15.0054 1324 viaide - ok 10:27:15.0058 1324 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 10:27:15.0061 1324 vmbus - ok 10:27:15.0063 1324 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 10:27:15.0063 1324 VMBusHID - ok 10:27:15.0066 1324 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 10:27:15.0067 1324 volmgr - ok 10:27:15.0073 1324 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 10:27:15.0077 1324 volmgrx - ok 10:27:15.0081 1324 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 10:27:15.0084 1324 volsnap - ok 10:27:15.0088 1324 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 10:27:15.0089 1324 vsmraid - ok 10:27:15.0106 1324 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 10:27:15.0122 1324 VSS - ok 10:27:15.0125 1324 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 10:27:15.0126 1324 vwifibus - ok 10:27:15.0132 1324 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 10:27:15.0137 1324 W32Time - ok 10:27:15.0140 1324 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 10:27:15.0140 1324 WacomPen - ok 10:27:15.0143 1324 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 10:27:15.0144 1324 WANARP - ok 10:27:15.0146 1324 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 10:27:15.0146 1324 Wanarpv6 - ok 10:27:15.0168 1324 [ 
3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 10:27:15.0188 1324 WatAdminSvc - ok 10:27:15.0215 1324 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 10:27:15.0242 1324 wbengine - ok 10:27:15.0249 1324 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 10:27:15.0256 1324 WbioSrvc - ok 10:27:15.0265 1324 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 10:27:15.0274 1324 wcncsvc - ok 10:27:15.0278 1324 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 10:27:15.0283 1324 WcsPlugInService - ok 10:27:15.0293 1324 [ 147C60622CB53E901EFD8BB6D44A4C46 ] WCUService_STC_IE C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe 10:27:15.0297 1324 WCUService_STC_IE - ok 10:27:15.0302 1324 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 10:27:15.0303 1324 Wd - ok 10:27:15.0314 1324 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 10:27:15.0323 1324 Wdf01000 - ok 10:27:15.0328 1324 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 10:27:15.0334 1324 WdiServiceHost - ok 10:27:15.0337 1324 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 10:27:15.0340 1324 WdiSystemHost - ok 10:27:15.0346 1324 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 10:27:15.0351 1324 WebClient - ok 10:27:15.0356 1324 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 10:27:15.0360 1324 Wecsvc - ok 10:27:15.0363 1324 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 10:27:15.0366 1324 wercplsupport - ok 10:27:15.0369 1324 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 10:27:15.0371 1324 WerSvc - ok 10:27:15.0373 1324 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf 
C:\Windows\system32\DRIVERS\wfplwf.sys 10:27:15.0374 1324 WfpLwf - ok 10:27:15.0375 1324 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 10:27:15.0376 1324 WIMMount - ok 10:27:15.0377 1324 WinDefend - ok 10:27:15.0380 1324 WinHttpAutoProxySvc - ok 10:27:15.0388 1324 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 10:27:15.0391 1324 Winmgmt - ok 10:27:15.0412 1324 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 10:27:15.0439 1324 WinRM - ok 10:27:15.0458 1324 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 10:27:15.0471 1324 Wlansvc - ok 10:27:15.0473 1324 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 10:27:15.0474 1324 WmiAcpi - ok 10:27:15.0479 1324 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 10:27:15.0482 1324 wmiApSrv - ok 10:27:15.0484 1324 WMPNetworkSvc - ok 10:27:15.0487 1324 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 10:27:15.0490 1324 WPCSvc - ok 10:27:15.0494 1324 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 10:27:15.0497 1324 WPDBusEnum - ok 10:27:15.0500 1324 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 10:27:15.0501 1324 ws2ifsl - ok 10:27:15.0505 1324 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 10:27:15.0508 1324 wscsvc - ok 10:27:15.0511 1324 WSearch - ok 10:27:15.0546 1324 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 10:27:15.0586 1324 wuauserv - ok 10:27:15.0592 1324 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 10:27:15.0594 1324 WudfPf - ok 10:27:15.0600 1324 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 10:27:15.0602 1324 WUDFRd - ok 10:27:15.0607 1324 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc 
C:\Windows\System32\WUDFSvc.dll 10:27:15.0612 1324 wudfsvc - ok 10:27:15.0619 1324 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 10:27:15.0626 1324 WwanSvc - ok 10:27:15.0630 1324 ================ Scan global =============================== 10:27:15.0633 1324 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 10:27:15.0639 1324 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 10:27:15.0650 1324 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 10:27:15.0658 1324 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 10:27:15.0669 1324 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 10:27:15.0674 1324 [Global] - ok 10:27:15.0674 1324 ================ Scan MBR ================================== 10:27:15.0676 1324 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 10:27:15.0780 1324 \Device\Harddisk0\DR0 - ok 10:27:15.0783 1324 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 10:27:15.0792 1324 \Device\Harddisk1\DR1 - ok 10:27:15.0792 1324 ================ Scan VBR ================================== 10:27:15.0794 1324 [ D4290853C200BE700DDA39E630761AD3 ] \Device\Harddisk0\DR0\Partition1 10:27:15.0796 1324 \Device\Harddisk0\DR0\Partition1 - ok 10:27:15.0798 1324 [ B23D0A909B68EA8C159D5665A6E3017F ] \Device\Harddisk0\DR0\Partition2 10:27:15.0799 1324 \Device\Harddisk0\DR0\Partition2 - ok 10:27:15.0801 1324 [ 9550598ACF1A61CDDD0C0E3A6FAAA016 ] \Device\Harddisk1\DR1\Partition1 10:27:15.0806 1324 \Device\Harddisk1\DR1\Partition1 - ok 10:27:15.0809 1324 [ 7FCAF5481902C10123F433460370DFBB ] \Device\Harddisk1\DR1\Partition2 10:27:15.0810 1324 \Device\Harddisk1\DR1\Partition2 - ok 10:27:15.0811 1324 ============================================================ 10:27:15.0811 1324 Scan finished 10:27:15.0811 1324 ============================================================ 10:27:15.0818 0136 Detected object count: 0 10:27:15.0818 0136 Actual 
detected object count: 0 |
18.12.2012, 22:03 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | SMTP activity not triggered by the user Looks unremarkable. Were you able to narrow down the cause or source of the SMTP activity using the Wireshark capture?
__________________ Please always post log files in CODE tags |
18.12.2012, 22:21 | #11 |
| SMTP activity not triggered by the user Unremarkable is a good start. Unfortunately I can't really analyze this well. I was simply worried by this activity. It is also annoying that it really does occur about every 40 minutes, which makes anything that needs a low ping impossible. Can I attach a ".cap" file here, and would you be so kind as to take a look at it? |
18.12.2012, 22:22 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | SMTP activity not triggered by the user How big is the CAP file when compressed?
__________________ Please always post log files in CODE tags |
18.12.2012, 22:29 | #13 |
| SMTP activity not triggered by the user OK, you're right ... We can forget that - even compressed it is still 63 MB. I could filter for "smtp" and post a screenshot. Would that help? Edit: alternatively, I can give you access to my system via Teamviewer and you look at the file here ... Last edited by MorkVomOrk (18.12.2012 at 22:36) |
18.12.2012, 22:50 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | SMTP activity not triggered by the user Take a screenshot of the SMTP entries, or filter for SMTP only and then put that into a log or something
__________________ Please always post log files in CODE tags |
18.12.2012, 23:37 | #15 |
| SMTP activity not triggered by the user Hi, here are a few screenshots that may help as examples. The running packet numbers (at the front) show quite well how much traffic is being generated. You can also see that the whole thing runs from 15:54 to 15:58, at which point web.de cuts off the connection. Same thing from 16:27 to 16:31. |
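The triage suggested in the posts above (filter the capture down to SMTP and put it into a log), as an added example that is not part of the original thread: it reads a CSV export of the mail-port packets, groups them into bursts per LAN host, and reports which host is talking SMTP and how far apart the bursts start. The tshark command in the comment, the addresses and the sample rows are constructed assumptions; the burst offsets mirror the 15:54-15:58 and 16:27-16:31 windows mentioned above, with an assumed capture start of 15:00.

```python
import csv
import io
from collections import defaultdict

# Assumed export command (not from the thread); all fields are standard tshark fields:
#   tshark -r capture.cap -Y "tcp.port==25 || tcp.port==465 || tcp.port==587" \
#          -T fields -E separator=, -e frame.time_relative -e ip.src -e ip.dst \
#          -e tcp.srcport -e tcp.dstport -e frame.len > smtp.csv
SMTP_PORTS = {25, 465, 587}

# Constructed sample rows: time offset (s), src, dst, src port, dst port, frame length.
# 192.168.2.x are placeholder LAN hosts, 203.0.113.25 is a placeholder mail server.
SAMPLE_CSV = """\
3240.10,192.168.2.101,203.0.113.25,49731,25,74
3240.35,203.0.113.25,192.168.2.101,25,49731,74
3301.90,192.168.2.101,203.0.113.25,49731,25,1514
3412.00,192.168.2.101,203.0.113.25,49802,25,1514
3480.20,203.0.113.25,192.168.2.101,25,49802,60
4000.00,192.168.2.105,198.51.100.7,50100,443,583
5220.40,192.168.2.101,203.0.113.25,50011,25,74
5305.00,192.168.2.101,203.0.113.25,50011,25,1514
5460.70,203.0.113.25,192.168.2.101,25,50011,60
"""


def parse_export(text):
    """Return sorted (time, client, server, length) tuples for mail-port packets."""
    packets = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 6:
            continue
        try:
            t = float(row[0])
            sport, dport, length = int(row[3]), int(row[4]), int(row[5])
        except ValueError:
            continue  # header line or a row with empty fields
        src, dst = row[1], row[2]
        # The client is whichever side is NOT on the mail port.
        if dport in SMTP_PORTS:
            client, server = src, dst
        elif sport in SMTP_PORTS:
            client, server = dst, src
        else:
            continue  # unrelated traffic that slipped into the export
        packets.append((t, client, server, length))
    return sorted(packets)


def find_bursts(packets, max_gap=300.0):
    """Group each client's packets into bursts separated by > max_gap seconds."""
    by_client = defaultdict(list)
    for t, client, server, length in packets:
        by_client[client].append((t, server, length))
    bursts = []
    for client, pkts in by_client.items():
        current = None
        for t, server, length in pkts:
            if current is None or t - current["end"] > max_gap:
                current = {"client": client, "start": t, "end": t,
                           "packets": 0, "bytes": 0, "servers": set()}
                bursts.append(current)
            current["end"] = t
            current["packets"] += 1
            current["bytes"] += length
            current["servers"].add(server)
    return sorted(bursts, key=lambda b: b["start"])


def start_intervals(bursts):
    """Seconds between consecutive burst starts, per client."""
    starts = defaultdict(list)
    for b in bursts:
        starts[b["client"]].append(b["start"])
    return {c: [round(nxt - prev, 1) for prev, nxt in zip(s, s[1:])]
            for c, s in starts.items()}


if __name__ == "__main__":
    found = find_bursts(parse_export(SAMPLE_CSV))
    for b in found:
        print(f'{b["client"]} -> {sorted(b["servers"])}: '
              f'{b["start"]:.0f}s to {b["end"]:.0f}s, '
              f'{b["packets"]} packets, {b["bytes"]} bytes')
    for client, gaps in start_intervals(found).items():
        print(f"{client}: burst starts {gaps} s apart")
```

The client address it reports is the machine to examine next: if it is not the PC that was scanned, the scan results above say nothing about the sender.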