24.12.2012, 12:47 | #1 |
| wgsdgsdgdsgsd.dll not found after trojan
Hello, my PC caught the "Bundespolizei-Virus", and after Windows started the message "Ihr Computer wurde gesperrt" appeared. I then booted with "Kaspersky WindowsUnlocker" (hxxp://www.chip.de/downloads/Kaspersky-WindowsUnlocker_54217363.html), and after Windows started I scanned with GData, which found "Trojan.Generic.KD.816158". I deleted the two infected files, and now after Windows starts the message "Problem beim starten von ...wgsdgsdgdsgsd.dll - Das angegebene Modul konnte nicht gefunden werden" appears. Should I take any further measures now? Thanks in advance and best regards |
24.12.2012, 17:06 | #2 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello and
Quote:
Information like that is not enough; please post the complete details/logs from the virus scanners, see http://www.trojaner-board.de/125889-...tml#post941520 Please post everything here in CODE tags where possible.
__________________ |
30.12.2012, 20:35 | #3 |
| Here are the logs then:
Code:
Beim Öffnen der Datei "C:\Users\***\wgsdgsdgdsgsd.dll" wurde der Virus "Trojan.Generic.KD.816158 (Engine-A)" entdeckt. Zugriff verweigert.
After the scan, the following:
Code:
Virenprüfung mit G Data InternetSecurity 2011
Version 21.1.0.5 (26.08.2010)
Virensignaturen vom
Startzeit: 24.12.2012 10:43:39
Engine(s): Engine A, Engine B
Heuristik: Ein
Archive: Ein
Systembereiche: Ein
RootKits prüfen: Ein
Prüfung der Systembereiche...
Prüfung auf RootKits...
Prüfung aller lokalen Festplatten...
Analyse vollständig durchgeführt: 24.12.2012 11:05:59
136065 Dateien überprüft
1 infizierte Dateien gefunden
0 verdächtige Dateien gefunden
Objekt: 1ede2ede-274d32ae
Pfad: C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30
Status: Virus entfernt
Virus: Trojan.Generic.KD.816158 (Engine-A)
|
30.12.2012, 20:40 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; for now, just post the logs that already exist!
__________________ Please always post log files in CODE tags |
30.12.2012, 20:47 | #5 |
| No, there is nothing more. The first one is there 4 times, though (at different times of day) |
30.12.2012, 20:53 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please post in this thread => Reminder about my thread. Annoying "when do we continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.
Malwarebytes Anti-Rootkit
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
__________________ |
30.12.2012, 20:54 | #7 |
| Oh, sorry, the following was just found as well (the automatic scan was just running):
Code:
Virenprüfung mit G Data InternetSecurity 2011
Version 21.1.0.5 (26.08.2010)
Virensignaturen vom 30.12.2012
Job: Lokale Festplatten
Startzeit: 30.12.2012 20:24:37
Engine(s): Engine A (AVA 22.7239), Engine B (AVB 22.1351)
Heuristik: Ein
Archive: Ein
Systembereiche: Ein
RootKits prüfen: Ein
Prüfung der Systembereiche...
Prüfung auf RootKits...
Prüfung aller lokalen Festplatten...
Analyse vollständig durchgeführt: 30.12.2012 20:53:01
138515 Dateien überprüft
1 infizierte Dateien gefunden
0 verdächtige Dateien gefunden
Archiv: 7f7e25c8-7b6d6b29
Pfad: C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8
Status: Virus gefunden
Virus: Exploit.Java.CVE.Z (2x) (Engine-A)
Objekt: ewjvaiwebvhtuai124a.class
In Archiv: C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\7f7e25c8-7b6d6b29
Status: Virus gefunden
Virus: Exploit.Java.CVE.Z (Engine-A)
Objekt: test.class
In Archiv: C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\7f7e25c8-7b6d6b29
Status: Virus gefunden
Virus: Exploit.Java.CVE.Z (Engine-A)
Here is the log file from Malwarebytes:
Code:
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org
Database version: v2012.12.30.10
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [administrator]
30.12.2012 21:15:05
mbar-log-2012-12-30 (21-15-05).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27964
Time elapsed: 7 minute(s), 6 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Delete on reboot.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Delete on reboot.
(end)
Edited by laub.frosch (30.12.2012 at 21:35) |
30.12.2012, 22:28 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
1. aswMBR
Please download aswMBR.exe and save the file to your desktop.
Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false alarm in it!
Another note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window), and click the Scan button again.
2. TDSS-Killer
Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!
Set up the tool as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot, then click Start Scan, and when it has finished click the Report button to display the log. Please post this in full. If you cannot find the log or copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the action "skip" and just post the log here!
__________________ Please always post log files in CODE tags |
31.12.2012, 00:54 | #9 |
| 1. aswMBR log file:
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-31 00:37:51
-----------------------------
00:37:51.911 OS Version: Windows 6.1.7601 Service Pack 1
00:37:51.911 Number of processors: 4 586 0xF0B
00:37:51.911 ComputerName: ***-PC UserName: ***
00:37:53.643 Initialize success
00:40:15.374 AVAST engine defs: 12123001
00:40:39.273 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:40:39.288 Disk 0 Vendor: ST3500418AS HP22 Size: 476940MB BusType: 11
00:40:39.288 Disk 0 MBR read successfully
00:40:39.304 Disk 0 MBR scan
00:40:39.304 Disk 0 Windows 7 default MBR code
00:40:39.320 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
00:40:39.320 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 79900 MB offset 206848
00:40:39.351 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 396938 MB offset 163842048
00:40:39.366 Disk 0 scanning sectors +976771072
00:40:39.429 Disk 0 scanning C:\Windows\system32\drivers
00:40:47.291 Service scanning
00:41:02.954 Modules scanning
00:41:11.409 Disk 0 trace - called modules:
00:41:11.425 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
00:41:11.425 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e44030]
00:41:11.425 3 CLASSPNP.SYS[8b19559e] -> nt!IofCallDriver -> [0x858a28a0]
00:41:11.425 5 ACPI.sys[8aca73d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x858c8030]
00:41:11.846 AVAST engine scan C:\Windows
00:41:12.922 AVAST engine scan C:\Windows\system32
00:43:13.869 AVAST engine scan C:\Windows\system32\drivers
00:43:24.087 AVAST engine scan C:\Users\***
00:45:29.106 AVAST engine scan C:\ProgramData
00:45:48.481 Scan finished successfully
00:46:20.133 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
00:46:20.133 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
2. TDSS-Killer log file:
Code:
3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 00:50:00.0357 4928 MSPCLOCK - ok 00:50:00.0357 4928 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 00:50:00.0389 4928 MSPQM - ok 00:50:00.0420 4928 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 00:50:00.0435 4928 MsRPC - ok 00:50:00.0451 4928 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 00:50:00.0467 4928 mssmbios - ok 00:50:00.0482 4928 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 00:50:00.0513 4928 MSTEE - ok 00:50:00.0529 4928 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 00:50:00.0545 4928 MTConfig - ok 00:50:00.0560 4928 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 00:50:00.0576 4928 Mup - ok 00:50:00.0607 4928 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 00:50:00.0638 4928 napagent - ok 00:50:00.0669 4928 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 00:50:00.0685 4928 NativeWifiP - ok 00:50:00.0716 4928 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys 00:50:00.0747 4928 NDIS - ok 00:50:00.0763 4928 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 00:50:00.0794 4928 NdisCap - ok 00:50:00.0810 4928 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 00:50:00.0841 4928 NdisTapi - ok 00:50:00.0857 4928 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 00:50:00.0888 4928 Ndisuio - ok 00:50:00.0919 4928 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 00:50:00.0950 4928 NdisWan - ok 00:50:00.0966 4928 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 00:50:00.0997 4928 NDProxy - ok 
00:50:01.0013 4928 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 00:50:01.0044 4928 NetBIOS - ok 00:50:01.0059 4928 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 00:50:01.0091 4928 NetBT - ok 00:50:01.0106 4928 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 00:50:01.0122 4928 Netlogon - ok 00:50:01.0153 4928 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 00:50:01.0200 4928 Netman - ok 00:50:01.0215 4928 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 00:50:01.0247 4928 netprofm - ok 00:50:01.0278 4928 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 00:50:01.0293 4928 NetTcpPortSharing - ok 00:50:01.0325 4928 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 00:50:01.0340 4928 nfrd960 - ok 00:50:01.0371 4928 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll 00:50:01.0403 4928 NlaSvc - ok 00:50:01.0403 4928 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 00:50:01.0434 4928 Npfs - ok 00:50:01.0449 4928 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 00:50:01.0481 4928 nsi - ok 00:50:01.0496 4928 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 00:50:01.0527 4928 nsiproxy - ok 00:50:01.0559 4928 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 00:50:01.0590 4928 Ntfs - ok 00:50:01.0605 4928 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 00:50:01.0652 4928 Null - ok 00:50:01.0808 4928 [ C1E661888C719FC2E12C057F233FB238 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 00:50:01.0964 4928 nvlddmkm - ok 00:50:01.0980 4928 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys 
00:50:02.0011 4928 nvraid - ok 00:50:02.0027 4928 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys 00:50:02.0042 4928 nvstor - ok 00:50:02.0073 4928 [ 31D7E63B62BC4680B5D1358F91DA104E ] nvsvc C:\Windows\system32\nvvsvc.exe 00:50:02.0105 4928 nvsvc - ok 00:50:02.0151 4928 [ 143B429F2D19A0F123ED8E4BCA8DB751 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 00:50:02.0183 4928 nvUpdatusService - ok 00:50:02.0214 4928 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 00:50:02.0229 4928 nv_agp - ok 00:50:02.0245 4928 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 00:50:02.0261 4928 ohci1394 - ok 00:50:02.0276 4928 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 00:50:02.0307 4928 p2pimsvc - ok 00:50:02.0323 4928 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 00:50:02.0339 4928 p2psvc - ok 00:50:02.0354 4928 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 00:50:02.0385 4928 Parport - ok 00:50:02.0401 4928 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 00:50:02.0417 4928 partmgr - ok 00:50:02.0432 4928 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 00:50:02.0448 4928 Parvdm - ok 00:50:02.0463 4928 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 00:50:02.0495 4928 PcaSvc - ok 00:50:02.0495 4928 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 00:50:02.0526 4928 pci - ok 00:50:02.0526 4928 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 00:50:02.0557 4928 pciide - ok 00:50:02.0557 4928 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 00:50:02.0573 4928 pcmcia - ok 00:50:02.0588 4928 [ 250F6B43D2B613172035C6747AEEB19F ] pcw 
C:\Windows\system32\drivers\pcw.sys 00:50:02.0604 4928 pcw - ok 00:50:02.0651 4928 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 00:50:02.0682 4928 PEAUTH - ok 00:50:02.0729 4928 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 00:50:02.0775 4928 pla - ok 00:50:02.0807 4928 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 00:50:02.0838 4928 PlugPlay - ok 00:50:02.0838 4928 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 00:50:02.0869 4928 PNRPAutoReg - ok 00:50:02.0885 4928 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 00:50:02.0900 4928 PNRPsvc - ok 00:50:02.0916 4928 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 00:50:02.0963 4928 PolicyAgent - ok 00:50:02.0978 4928 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 00:50:03.0025 4928 Power - ok 00:50:03.0041 4928 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 00:50:03.0087 4928 PptpMiniport - ok 00:50:03.0103 4928 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 00:50:03.0119 4928 Processor - ok 00:50:03.0134 4928 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 00:50:03.0165 4928 ProfSvc - ok 00:50:03.0165 4928 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 00:50:03.0197 4928 ProtectedStorage - ok 00:50:03.0197 4928 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 00:50:03.0243 4928 Psched - ok 00:50:03.0275 4928 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 00:50:03.0306 4928 ql2300 - ok 00:50:03.0306 4928 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 00:50:03.0337 4928 ql40xx - ok 00:50:03.0368 4928 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE 
C:\Windows\system32\qwave.dll 00:50:03.0384 4928 QWAVE - ok 00:50:03.0399 4928 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 00:50:03.0415 4928 QWAVEdrv - ok 00:50:03.0431 4928 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 00:50:03.0462 4928 RasAcd - ok 00:50:03.0493 4928 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 00:50:03.0524 4928 RasAgileVpn - ok 00:50:03.0524 4928 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 00:50:03.0571 4928 RasAuto - ok 00:50:03.0571 4928 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 00:50:03.0618 4928 Rasl2tp - ok 00:50:03.0649 4928 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 00:50:03.0696 4928 RasMan - ok 00:50:03.0696 4928 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 00:50:03.0743 4928 RasPppoe - ok 00:50:03.0743 4928 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 00:50:03.0774 4928 RasSstp - ok 00:50:03.0789 4928 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 00:50:03.0836 4928 rdbss - ok 00:50:03.0852 4928 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 00:50:03.0867 4928 rdpbus - ok 00:50:03.0899 4928 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 00:50:03.0930 4928 RDPCDD - ok 00:50:03.0930 4928 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 00:50:03.0977 4928 RDPENCDD - ok 00:50:03.0992 4928 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 00:50:04.0023 4928 RDPREFMP - ok 00:50:04.0055 4928 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 00:50:04.0086 4928 RdpVideoMiniport - ok 00:50:04.0117 4928 [ 
F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 00:50:04.0133 4928 RDPWD - ok 00:50:04.0164 4928 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 00:50:04.0195 4928 rdyboost - ok 00:50:04.0211 4928 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 00:50:04.0242 4928 RemoteAccess - ok 00:50:04.0257 4928 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 00:50:04.0289 4928 RemoteRegistry - ok 00:50:04.0304 4928 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 00:50:04.0335 4928 RpcEptMapper - ok 00:50:04.0367 4928 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 00:50:04.0398 4928 RpcLocator - ok 00:50:04.0398 4928 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 00:50:04.0445 4928 RpcSs - ok 00:50:04.0460 4928 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 00:50:04.0491 4928 rspndr - ok 00:50:04.0523 4928 [ 3983CEA05BB855351D75F5482B6C42CE ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys 00:50:04.0554 4928 RTL8167 - ok 00:50:04.0569 4928 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 00:50:04.0601 4928 SamSs - ok 00:50:04.0632 4928 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 00:50:04.0647 4928 sbp2port - ok 00:50:04.0679 4928 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 00:50:04.0710 4928 SCardSvr - ok 00:50:04.0741 4928 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 00:50:04.0772 4928 scfilter - ok 00:50:04.0803 4928 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 00:50:04.0835 4928 Schedule - ok 00:50:04.0850 4928 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 00:50:04.0881 4928 SCPolicySvc - ok 
00:50:04.0913 4928 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 00:50:04.0944 4928 SDRSVC - ok 00:50:04.0959 4928 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 00:50:04.0991 4928 secdrv - ok 00:50:05.0006 4928 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 00:50:05.0037 4928 seclogon - ok 00:50:05.0053 4928 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 00:50:05.0100 4928 SENS - ok 00:50:05.0115 4928 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 00:50:05.0147 4928 SensrSvc - ok 00:50:05.0147 4928 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 00:50:05.0178 4928 Serenum - ok 00:50:05.0178 4928 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 00:50:05.0209 4928 Serial - ok 00:50:05.0225 4928 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 00:50:05.0240 4928 sermouse - ok 00:50:05.0287 4928 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 00:50:05.0318 4928 SessionEnv - ok 00:50:05.0334 4928 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 00:50:05.0349 4928 sffdisk - ok 00:50:05.0365 4928 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 00:50:05.0381 4928 sffp_mmc - ok 00:50:05.0396 4928 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 00:50:05.0427 4928 sffp_sd - ok 00:50:05.0427 4928 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 00:50:05.0459 4928 sfloppy - ok 00:50:05.0474 4928 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 00:50:05.0521 4928 SharedAccess - ok 00:50:05.0537 4928 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 00:50:05.0568 4928 
ShellHWDetection - ok 00:50:05.0583 4928 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 00:50:05.0615 4928 sisagp - ok 00:50:05.0630 4928 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 00:50:05.0646 4928 SiSRaid2 - ok 00:50:05.0661 4928 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 00:50:05.0677 4928 SiSRaid4 - ok 00:50:05.0724 4928 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 00:50:05.0755 4928 SkypeUpdate - ok 00:50:05.0771 4928 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 00:50:05.0802 4928 Smb - ok 00:50:05.0849 4928 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 00:50:05.0864 4928 SNMPTRAP - ok 00:50:05.0895 4928 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 00:50:05.0911 4928 spldr - ok 00:50:05.0942 4928 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 00:50:05.0973 4928 Spooler - ok 00:50:06.0051 4928 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 00:50:06.0114 4928 sppsvc - ok 00:50:06.0145 4928 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 00:50:06.0176 4928 sppuinotify - ok 00:50:06.0207 4928 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 00:50:06.0223 4928 srv - ok 00:50:06.0239 4928 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 00:50:06.0270 4928 srv2 - ok 00:50:06.0285 4928 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 00:50:06.0317 4928 srvnet - ok 00:50:06.0332 4928 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 00:50:06.0363 4928 SSDPSRV - ok 00:50:06.0410 4928 [ EF3458337D7341A05169CEFC73709264 ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys 00:50:06.0426 4928 SSPORT ( 
UnsignedFile.Multi.Generic ) - warning 00:50:06.0426 4928 SSPORT - detected UnsignedFile.Multi.Generic (1) 00:50:06.0441 4928 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 00:50:06.0488 4928 SstpSvc - ok 00:50:06.0519 4928 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 00:50:06.0535 4928 stexstor - ok 00:50:06.0566 4928 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 00:50:06.0597 4928 StiSvc - ok 00:50:06.0597 4928 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 00:50:06.0613 4928 swenum - ok 00:50:06.0644 4928 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 00:50:06.0691 4928 swprv - ok 00:50:06.0707 4928 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 00:50:06.0753 4928 SysMain - ok 00:50:06.0769 4928 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 00:50:06.0785 4928 TabletInputService - ok 00:50:06.0816 4928 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 00:50:06.0847 4928 TapiSrv - ok 00:50:06.0863 4928 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 00:50:06.0909 4928 TBS - ok 00:50:06.0941 4928 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 00:50:06.0972 4928 Tcpip - ok 00:50:07.0019 4928 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 00:50:07.0050 4928 TCPIP6 - ok 00:50:07.0081 4928 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 00:50:07.0097 4928 tcpipreg - ok 00:50:07.0112 4928 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 00:50:07.0143 4928 TDPIPE - ok 00:50:07.0143 4928 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 00:50:07.0175 4928 TDTCP - ok 00:50:07.0190 4928 [ B459575348C20E8121D6039DA063C704 ] 
tdx C:\Windows\system32\DRIVERS\tdx.sys 00:50:07.0221 4928 tdx - ok 00:50:07.0237 4928 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 00:50:07.0253 4928 TermDD - ok 00:50:07.0268 4928 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 00:50:07.0315 4928 TermService - ok 00:50:07.0346 4928 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 00:50:07.0362 4928 Themes - ok 00:50:07.0377 4928 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 00:50:07.0409 4928 THREADORDER - ok 00:50:07.0424 4928 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 00:50:07.0455 4928 TrkWks - ok 00:50:07.0502 4928 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 00:50:07.0533 4928 TrustedInstaller - ok 00:50:07.0549 4928 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 00:50:07.0580 4928 tssecsrv - ok 00:50:07.0611 4928 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 00:50:07.0643 4928 TsUsbFlt - ok 00:50:07.0674 4928 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 00:50:07.0705 4928 tunnel - ok 00:50:07.0736 4928 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 00:50:07.0752 4928 uagp35 - ok 00:50:07.0767 4928 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 00:50:07.0799 4928 udfs - ok 00:50:07.0830 4928 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 00:50:07.0861 4928 UI0Detect - ok 00:50:07.0877 4928 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 00:50:07.0908 4928 uliagpkx - ok 00:50:07.0923 4928 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys 00:50:07.0955 4928 umbus - ok 00:50:07.0970 4928 [ 
7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 00:50:07.0986 4928 UmPass - ok 00:50:08.0001 4928 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 00:50:08.0048 4928 upnphost - ok 00:50:08.0079 4928 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 00:50:08.0095 4928 USBAAPL - ok 00:50:08.0126 4928 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 00:50:08.0142 4928 usbccgp - ok 00:50:08.0173 4928 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 00:50:08.0189 4928 usbcir - ok 00:50:08.0204 4928 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 00:50:08.0235 4928 usbehci - ok 00:50:08.0251 4928 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 00:50:08.0282 4928 usbhub - ok 00:50:08.0282 4928 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys 00:50:08.0313 4928 usbohci - ok 00:50:08.0329 4928 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 00:50:08.0360 4928 usbprint - ok 00:50:08.0360 4928 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 00:50:08.0391 4928 USBSTOR - ok 00:50:08.0391 4928 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 00:50:08.0423 4928 usbuhci - ok 00:50:08.0438 4928 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 00:50:08.0469 4928 UxSms - ok 00:50:08.0485 4928 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 00:50:08.0501 4928 VaultSvc - ok 00:50:08.0516 4928 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 00:50:08.0532 4928 vdrvroot - ok 00:50:08.0563 4928 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 00:50:08.0610 4928 vds - ok 00:50:08.0625 4928 [ 
17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 00:50:08.0641 4928 vga - ok 00:50:08.0657 4928 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 00:50:08.0688 4928 VgaSave - ok 00:50:08.0719 4928 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 00:50:08.0735 4928 vhdmp - ok 00:50:08.0750 4928 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 00:50:08.0781 4928 viaagp - ok 00:50:08.0781 4928 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 00:50:08.0797 4928 ViaC7 - ok 00:50:08.0813 4928 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 00:50:08.0844 4928 viaide - ok 00:50:08.0859 4928 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 00:50:08.0875 4928 volmgr - ok 00:50:08.0891 4928 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 00:50:08.0906 4928 volmgrx - ok 00:50:08.0922 4928 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 00:50:08.0953 4928 volsnap - ok 00:50:08.0953 4928 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 00:50:08.0984 4928 vsmraid - ok 00:50:09.0015 4928 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 00:50:09.0062 4928 VSS - ok 00:50:09.0078 4928 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 00:50:09.0093 4928 vwifibus - ok 00:50:09.0125 4928 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 00:50:09.0171 4928 W32Time - ok 00:50:09.0171 4928 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 00:50:09.0203 4928 WacomPen - ok 00:50:09.0234 4928 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 00:50:09.0265 4928 WANARP - ok 00:50:09.0265 4928 [ 
3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 00:50:09.0296 4928 Wanarpv6 - ok 00:50:09.0327 4928 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 00:50:09.0359 4928 wbengine - ok 00:50:09.0374 4928 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 00:50:09.0405 4928 WbioSrvc - ok 00:50:09.0421 4928 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 00:50:09.0452 4928 wcncsvc - ok 00:50:09.0468 4928 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 00:50:09.0483 4928 WcsPlugInService - ok 00:50:09.0499 4928 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 00:50:09.0530 4928 Wd - ok 00:50:09.0561 4928 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 00:50:09.0577 4928 Wdf01000 - ok 00:50:09.0593 4928 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 00:50:09.0624 4928 WdiServiceHost - ok 00:50:09.0624 4928 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 00:50:09.0655 4928 WdiSystemHost - ok 00:50:09.0671 4928 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 00:50:09.0702 4928 WebClient - ok 00:50:09.0733 4928 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 00:50:09.0764 4928 Wecsvc - ok 00:50:09.0780 4928 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 00:50:09.0811 4928 wercplsupport - ok 00:50:09.0842 4928 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 00:50:09.0889 4928 WerSvc - ok 00:50:09.0905 4928 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 00:50:09.0951 4928 WfpLwf - ok 00:50:09.0967 4928 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 00:50:09.0983 4928 WIMMount - ok 
00:50:10.0029 4928 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 00:50:10.0061 4928 WinDefend - ok 00:50:10.0061 4928 WinHttpAutoProxySvc - ok 00:50:10.0107 4928 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 00:50:10.0154 4928 Winmgmt - ok 00:50:10.0185 4928 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 00:50:10.0232 4928 WinRM - ok 00:50:10.0279 4928 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 00:50:10.0326 4928 Wlansvc - ok 00:50:10.0341 4928 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 00:50:10.0373 4928 WmiAcpi - ok 00:50:10.0388 4928 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 00:50:10.0404 4928 wmiApSrv - ok 00:50:10.0451 4928 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 00:50:10.0482 4928 WMPNetworkSvc - ok 00:50:10.0497 4928 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 00:50:10.0513 4928 WPCSvc - ok 00:50:10.0529 4928 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 00:50:10.0575 4928 WPDBusEnum - ok 00:50:10.0591 4928 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 00:50:10.0622 4928 ws2ifsl - ok 00:50:10.0622 4928 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 00:50:10.0653 4928 wscsvc - ok 00:50:10.0653 4928 WSearch - ok 00:50:10.0716 4928 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 00:50:10.0763 4928 wuauserv - ok 00:50:10.0794 4928 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 00:50:10.0809 4928 WudfPf - ok 00:50:10.0825 4928 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 00:50:10.0856 4928 WUDFRd - ok 00:50:10.0887 4928 [ 
FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 00:50:10.0919 4928 wudfsvc - ok 00:50:10.0934 4928 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 00:50:10.0965 4928 WwanSvc - ok 00:50:10.0981 4928 ================ Scan global =============================== 00:50:10.0997 4928 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 00:50:11.0028 4928 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll 00:50:11.0028 4928 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll 00:50:11.0059 4928 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 00:50:11.0075 4928 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 00:50:11.0090 4928 [Global] - ok 00:50:11.0090 4928 ================ Scan MBR ================================== 00:50:11.0090 4928 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 00:50:11.0496 4928 \Device\Harddisk0\DR0 - ok 00:50:11.0496 4928 ================ Scan VBR ================================== 00:50:11.0496 4928 [ C2542AC1F8FBA623FA6CCDC1CF4F6D8A ] \Device\Harddisk0\DR0\Partition1 00:50:11.0496 4928 \Device\Harddisk0\DR0\Partition1 - ok 00:50:11.0543 4928 [ 9656B8451BBE07244DB38328094E280F ] \Device\Harddisk0\DR0\Partition2 00:50:11.0543 4928 \Device\Harddisk0\DR0\Partition2 - ok 00:50:11.0558 4928 [ 8E646D304F3C271C6736D16016C8E9E7 ] \Device\Harddisk0\DR0\Partition3 00:50:11.0558 4928 \Device\Harddisk0\DR0\Partition3 - ok 00:50:11.0558 4928 ============================================================ 00:50:11.0558 4928 Scan finished 00:50:11.0558 4928 ============================================================ 00:50:11.0574 5728 Detected object count: 1 00:50:11.0574 5728 Actual detected object count: 1 00:50:23.0414 5728 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user 00:50:23.0414 5728 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip |
31.12.2012, 13:52 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | wgsdgsdgdsgsd.dll not found after trojan Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has explicitly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
31.12.2012, 15:56 | #11 |
| wgsdgsdgdsgsd.dll not found after trojan here is the log file from ComboFix: Code:
Combofix Logfile: |
31.12.2012, 16:09 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | wgsdgsdgdsgsd.dll not found after trojan adwCleaner - detecting toolbars and unwanted start/search pages Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded at some point, please delete the old adwcleaner.exe and download it again!! |
31.12.2012, 16:18 | #13 |
| wgsdgsdgdsgsd.dll not found after trojan log file from adwcleaner: Code:
# AdwCleaner v2.104 - Datei am 31/12/2012 um 16:15:38 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\APN PIP
Schlüssel Gefunden : HKCU\Software\PIP
Schlüssel Gefunden : HKLM\Software\PIP
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v17.0.1 (de)
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\yxlwwr6g.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v23.0.1271.97
Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1016 octets] - [31/12/2012 16:15:38]
########## EOF - C:\AdwCleaner[R1].txt - [1076 octets] ########## |
31.12.2012, 16:23 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | wgsdgsdgdsgsd.dll not found after trojan adwCleaner - removing toolbars and unwanted start/search pages
After that, a check with OTL please: |
31.12.2012, 16:50 | #15 |
| wgsdgsdgdsgsd.dll not found after trojan adwCleaner log file: Code:
# AdwCleaner v2.104 - Datei am 31/12/2012 um 16:26:32 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\PIP
Schlüssel Gelöscht : HKLM\Software\PIP
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v17.0.1 (de)
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\yxlwwr6g.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v23.0.1271.97
Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1145 octets] - [31/12/2012 16:15:38]
AdwCleaner[S1].txt - [1078 octets] - [31/12/2012 16:26:32]
########## EOF - C:\AdwCleaner[S1].txt - [1138 octets] ##########
OTL log file: OTL Logfile: Code:
ATTFilter OTL logfile created on: 31.12.2012 16:33:48 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 62,90% Memory free 6,00 Gb Paging File | 4,55 Gb Available in Paging File | 75,92% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 78,03 Gb Total Space | 54,67 Gb Free Space | 70,07% Space Free | Partition Type: NTFS Drive D: | 387,63 Gb Total Space | 121,18 Gb Free Space | 31,26% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) PRC - C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG) PRC - C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) PRC - C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data 
Software AG) PRC - C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe (G Data Software AG) PRC - C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe () PRC - C:\Programme\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\G Data\InternetSecurity\AVK\ShellExt.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (AVKService) -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG) SRV - (AVKProxy) -- C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) SRV - (GDFwSvc) -- C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe (G Data Software AG) SRV - (AVKWCtl) -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe () SRV - (GDScan) -- C:\Programme\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (DgiVecp) -- C:\Windows\system32\Drivers\DgiVecp.sys File not found DRV - (catchme) -- C:\Users\LAUSCH~1\AppData\Local\Temp\catchme.sys File not found DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - 
(GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software) DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G Data Software AG) DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG) DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG) DRV - (GDBehave) -- C:\Windows\System32\drivers\GDBehave.sys (G Data Software AG) DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G DATA Software AG) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2408959547-1414554649-2491719108-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-2408959547-1414554649-2491719108-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7E 20 90 B8 ED E6 CD 01 [binary data] IE - HKU\S-1-5-21-2408959547-1414554649-2491719108-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2408959547-1414554649-2491719108-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - 
HKU\S-1-5-21-2408959547-1414554649-2491719108-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2408959547-1414554649-2491719108-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-2408959547-1414554649-2491719108-1001\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Startpage HTTPS - Deutsch" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "https://startpage.com/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.05 15:55:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.05 15:55:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.05 15:55:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.05 15:55:31 | 000,000,000 | ---D | M] [2012.11.02 00:09:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.11.23 12:37:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yxlwwr6g.default\extensions [2012.11.23 12:37:46 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\yxlwwr6g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.12.30 20:23:20 | 000,005,539 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\yxlwwr6g.default\searchplugins\startpage-https---deutsch.xml [2012.12.05 15:55:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.12.05 15:55:36 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla 
Firefox\plugins\npwachk.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKU\S-1-5-21-2408959547-1414554649-2491719108-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions 
present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2408959547-1414554649-2491719108-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2408959547-1414554649-2491719108-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-2408959547-1414554649-2491719108-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O15 - HKU\S-1-5-21-2408959547-1414554649-2491719108-1000\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1F8BA2B-A7F1-4659-BCE7-C758C49CD2DC}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.31 16:31:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.12.31 15:47:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.12.31 15:32:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.12.31 15:32:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.12.31 15:32:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.12.31 15:31:51 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.12.31 15:31:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.12.31 15:13:18 | 005,016,388 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2012.12.31 00:43:46 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2012.12.31 00:27:35 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe [2012.12.30 21:41:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\.techniclauncher [2012.12.30 21:07:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.30 21:05:09 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar [2012.12.24 12:16:20 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.12.21 19:42:35 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012.12.21 19:42:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012.12.20 18:40:34 | 
000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Diagnostics [2012.12.19 23:01:13 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader 2 [2012.12.18 12:10:36 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies [2012.12.18 12:07:45 | 000,889,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco32.dll [2012.12.18 12:07:44 | 020,335,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll [2012.12.18 12:07:44 | 015,122,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll [2012.12.18 12:07:44 | 009,373,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys [2012.12.18 12:07:44 | 007,819,016 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll [2012.12.18 12:07:44 | 006,149,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll [2012.12.18 12:07:44 | 002,606,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll [2012.12.18 12:07:44 | 001,874,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll [2012.12.18 12:07:43 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll [2012.12.18 12:07:00 | 000,000,000 | ---D | C] -- C:\NVIDIA [2012.12.14 13:27:59 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\FormatFactory [2012.12.14 10:57:11 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.12.13 11:48:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Skype [2012.12.13 11:48:39 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2012.12.13 11:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.12.13 11:48:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.12.13 11:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012.12.12 10:39:07 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.12.12 10:39:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\ieui.dll [2012.12.12 10:39:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.12.12 10:39:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.12.12 10:39:06 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.12.12 10:39:06 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.12.12 10:39:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.12.12 10:39:05 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.12.12 10:37:18 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2012.12.12 10:37:18 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.12.12 10:37:17 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2012.12.12 10:37:17 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2012.12.12 10:37:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 10:37:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 10:37:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 10:37:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 10:37:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 10:37:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 10:37:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 10:37:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 10:37:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 10:37:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 10:37:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 10:37:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 10:37:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 10:37:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 10:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2012.12.12 10:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2012.12.12 10:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 10:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 10:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2012.12.12 10:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 10:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 10:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 10:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 10:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 10:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 10:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2012.12.12 10:37:14 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.12.12 10:37:14 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll [2012.12.12 10:37:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.12.07 12:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter [2012.12.07 12:13:33 | 000,000,000 | ---D | C] -- C:\Program Files\Free M4a to MP3 Converter [2012.12.07 11:59:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory [2012.12.07 11:59:46 | 000,000,000 | ---D | C] -- C:\Program Files\FreeTime [2012.12.07 11:57:14 | 005,591,552 | ---- | C] (Jeffrey Harris) -- C:\Program Files\SharePod.exe [2012.12.05 15:55:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2012.12.31 16:35:38 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.31 16:35:38 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.31 16:31:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.12.31 16:28:33 | 000,001,100 | ---- | 
M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.31 16:28:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.31 16:28:18 | 2415,316,992 | -HS- | M] () -- C:\hiberfil.sys [2012.12.31 16:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.31 16:13:26 | 000,551,997 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2012.12.31 15:51:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.31 15:13:03 | 005,016,388 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2012.12.31 00:46:20 | 000,000,512 | ---- | M] () -- C:\Users\***\Desktop\MBR.dat [2012.12.31 00:43:29 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2012.12.31 00:27:26 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe [2012.12.24 10:33:26 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.24 10:33:26 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.24 10:33:26 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.24 10:33:26 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.23 16:25:15 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.12.23 16:25:15 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.12.23 15:28:18 | 000,002,959 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2012.12.21 22:09:47 | 000,285,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.12.18 16:09:16 | 000,099,065 | ---- | M] () -- C:\Users\***\Desktop\Demokratie_Aufhebung_der_Besonderung_des_Staates.pdf [2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012.12.03 16:39:40 | 020,335,976 
| ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012.12.03 16:39:40 | 017,559,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012.12.03 16:39:40 | 015,122,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2012.12.03 16:39:40 | 012,603,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2012.12.03 16:39:40 | 009,373,032 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012.12.03 16:39:40 | 007,819,016 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012.12.03 16:39:40 | 006,149,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2012.12.03 16:39:40 | 002,606,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012.12.03 16:39:40 | 002,496,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2012.12.03 16:39:40 | 001,874,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012.12.03 16:39:40 | 001,011,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2012.12.03 16:39:40 | 000,889,192 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco32.dll
[2012.12.03 16:39:40 | 000,011,545 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2012.12.01 21:39:49 | 001,111,519 | ---- | M] () -- C:\Users\***\Desktop\manuskripte12.pdf

========== Files Created - No Company Name ==========

[2012.12.31 16:14:59 | 000,551,997 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.12.31 15:32:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.31 15:32:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.31 15:32:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.31 15:32:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.31 15:32:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.31 00:46:20 | 000,000,512 | ---- | C] () -- C:\Users\***\Desktop\MBR.dat
[2012.12.23
15:32:21 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.23 15:28:18 | 000,002,959 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.19 23:01:41 | 000,001,989 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.12.19 23:01:41 | 000,001,989 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.12.19 23:01:41 | 000,001,933 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader 2.lnk
[2012.12.18 16:09:16 | 000,099,065 | ---- | C] () -- C:\Users\***\Desktop\Demokratie_Aufhebung_der_Besonderung_des_Staates.pdf
[2012.12.01 21:39:49 | 001,111,519 | ---- | C] () -- C:\Users\***\Desktop\manuskripte12.pdf
[2012.11.01 23:12:07 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.06.22 06:47:58 | 000,024,064 | ---- | C] () -- C:\Windows\System32\ssp7ml3.dll

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of
report > [/CODE] OTL extras: OTL Logfile: Code:
ATTFilter
OTL Extras logfile created on: 31.12.2012 16:33:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 62,90% Memory free
6,00 Gb Paging File | 4,55 Gb Available in Paging File | 75,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,03 Gb Total Space | 54,67 Gb Free Space | 70,07% Space Free | Partition Type: NTFS
Drive D: | 387,63 Gb Total Space | 121,18 Gb Free Space | 31,26% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2408959547-1414554649-2491719108-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{042B22F9-2420-447D-AC45-EF5469828DAE}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{1024DCC6-14BA-48B0-9A6E-CF4819E2789B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{1BB02DB1-6661-424A-BF30-99F5BF6EAE5E}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{2C2072A7-4D06-45AB-B4CC-1159E5DAA862}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{952901C2-4C4C-46E9-9115-2B62E125E7D2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B8DA48B5-1196-4037-A72B-E5023FD6CB21}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EAC76ADC-825C-4668-95C2-BAF59BDDFDAE}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI -
Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C670480D-10CE-4E2E-929E-EE453EDE6BE2}" = G Data InternetSecurity 2011
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"0630-0716-3135-7887" = JDownloader 2
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"FormatFactory" = FormatFactory 3.0.1
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.1
"Google Chrome" = Google Chrome
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Pidgin" = Pidgin
"pidgin-otr" = pidgin-otr 4.0.0-1
"VLC media player" = VLC media player 2.0.3
"Winamp" = Winamp

========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2408959547-1414554649-2491719108-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22.11.2012 17:27:47 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 22.11.2012 17:27:47 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1014
Error - 22.11.2012 17:27:47 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1014
Error - 06.12.2012 15:54:37 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 06.12.2012 15:54:37 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1014
Error - 06.12.2012 15:54:37 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1014
Error - 11.12.2012 10:56:36 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 10.0.2627.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 794 Startzeit: 01cdd7aada1714b5 Endzeit: 16 Anwendungspfad: C:\Program Files\Microsoft Office\Office10\WINWORD.EXE Berichts-ID:
Error - 17.12.2012 18:18:43 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 17.12.2012 18:18:43 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4992
Error - 17.12.2012 18:18:43 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4992

[ System Events ]
Error - 25.12.2012 12:52:12 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
Error - 30.12.2012 15:18:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
Error - 30.12.2012 16:20:21 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
Error - 31.12.2012 06:10:34 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
Error - 31.12.2012 10:09:37 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
Error - 31.12.2012 10:32:48 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 31.12.2012 10:37:47 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 31.12.2012 10:43:55 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 31.12.2012 10:52:53 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
Error - 31.12.2012 11:28:32 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

< End of report >
[/CODE]
Edited by laub.frosch (31.12.2012 at 17:20) |