Log analysis and evaluation: Find.exe cmd.exe hale.exe and computer slow (Windows 7)
If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for getting help. Keep in mind that an infected system is not trustworthy and should not be used until the malware has been completely removed.

28.12.2012, 12:05 | #1
Hello, my computer has become slower recently, and I found out that the 3 processes mentioned in the title run in the background after system startup. Can you help me? Thanks
28.12.2012, 13:35 | #2
/// Malware-holic
Hi,
If you don't already have it, please download OTL by OldTimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
28.12.2012, 15:03 | #3
OTL Logfile:
Code:
OTL logfile created on: 28.12.2012 14:50:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kevin\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 62,14% Memory free
6,50 Gb Paging File | 5,24 Gb Available in Paging File | 80,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,19 Gb Total Space | 172,05 Gb Free Space | 56,75% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 184,49 Gb Free Space | 62,97% Space Free | Partition Type: NTFS
Drive E: | 6,44 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 3,44 Gb Total Space | 0,04 Gb Free Space | 1,22% Space Free | Partition Type: FAT32

Computer Name: KEVIN | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.28 14:49:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Downloads\OTL.exe
PRC - [2012.12.27 17:20:27 | 000,212,432 | ---- | M] (Google Inc.)
-- C:\Program Files\Google\Update\1.3.21.124\GoogleCrashHandler.exe PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Kevin\AppData\Local\Akamai\netsession_win.exe PRC - [2012.10.02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2012.10.02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin PRC - [2012.05.29 12:09:52 | 001,528,672 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe PRC - [2012.05.29 12:09:52 | 001,220,960 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 13:17:46 | 000,325,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slui.exe PRC - [2010.11.20 13:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe PRC - [2009.02.23 
10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe ========== Modules (No Company Name) ========== MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall) SRV - [2012.12.20 20:55:26 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.11.29 09:26:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.08.06 15:26:21 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2012.08.05 12:51:45 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2012.05.29 12:09:52 | 001,528,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.03.25 17:55:16 | 
000,091,464 | ---- | M] () [Disabled | Stopped] -- C:\ExpressGateUtil\VAWinService.exe -- (VideAceWindowsService) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2009.02.23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc) DRV - [2012.11.02 12:56:54 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- 
C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012.10.15 17:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr) DRV - [2012.10.10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.08.21 10:13:14 | 000,018,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd) DRV - [2012.05.08 14:21:42 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.05.05 20:29:18 | 001,178,200 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k) DRV - [2010.05.05 20:29:10 | 000,095,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia) DRV - [2010.05.05 20:29:02 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - [2010.05.05 20:28:54 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k) DRV - [2010.05.05 20:24:44 | 000,130,136 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv) DRV - [2010.05.05 20:24:34 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k) DRV - [2010.05.05 20:24:24 | 000,526,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) DRV - [2010.05.05 20:24:14 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k) DRV - [2010.05.05 20:24:04 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS) DRV - [2010.05.05 20:24:04 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX) DRV - [2010.05.05 20:23:52 | 000,072,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT.SYS) DRV - [2010.05.05 20:23:52 | 000,072,792 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT) DRV - [2010.05.05 20:23:46 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT.SYS) DRV - [2010.05.05 20:23:46 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT) DRV - [2009.07.13 23:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E) DRV - [2009.05.13 18:11:34 | 000,006,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [2007.12.17 16:14:06 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO) DRV - [2005.01.31 09:20:04 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) DRV - [2005.01.31 09:12:46 | 000,022,016 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={7E159878-2A9F-11E2-B2D2-002215F10484} IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={7E159878-2A9F-11E2-B2D2-002215F10484} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Ask.com Search Engine - Better Web Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. 
bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BC 65 89 DE 55 72 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{744529DF-8AB8-4380-8D6E-B086FEDB6AA6}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=kw&q={searchTerms}&locale=&apn_ptnrs=^FV&apn_dtid=^YYYYYY^YY^DE&apn_uid=f335b0ce-d783-4b02-8238-e61c41017869&apn_sauid=BA0A5E35-281C-4FF0-B793-002E01733678 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.bvb.de/" FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.3.4 FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: 
C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.12.05 20:50:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2002.01.02 17:06:43 | 000,000,000 | ---D | M] [2012.08.04 17:23:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions [2012.12.08 17:39:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\61abiv07.default\extensions [2012.12.08 17:39:41 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\61abiv07.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2012.10.04 14:25:12 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\61abiv07.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.11.05 12:07:36 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\61abiv07.default\extensions\DivXWebPlayer@divx.com.xpi [2012.11.19 19:22:04 | 002,307,149 | ---- | M] () (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\61abiv07.default\extensions\nasanightlaunch@example.com.xpi [2012.11.17 14:23:03 | 000,566,853 | ---- | M] () (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\61abiv07.default\extensions\toolbar@web.de.xpi [2012.08.21 17:21:29 | 002,966,066 | ---- | M] () (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\61abiv07.default\extensions\{c7b3cf78-9cbc-47b9-ba47-bb84a56069dd}.xpi [2012.11.23 18:31:33 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\61abiv07.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.11.18 15:29:30 | 000,005,545 | ---- | M] () -- 
C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\61abiv07.default\searchplugins\webde-suche.xml [2002.01.02 17:06:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: Ask.com Search Engine - Better Web Search CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: Ask.com Search Engine - Better Web Search CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = 
C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Google Update (Enabled) = C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: avast! WebRep = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\ CHR - Extension: avast! WebRep = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\ O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Chew7Hale] C:\Windows\System32\hale.exe () O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Kevin\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F08370B-7339-40C3-85E5-3C171CABA9C4}: DhcpNameServer = 192.168.178.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O27 - HKLM IFEO\msnmsgr.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2012.10.29 20:50:21 | 000,000,075 | R--- | M] () - E:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{c0895f69-24cd-11e2-923d-002215f10484}\Shell - "" = AutoRun O33 - MountPoints2\{c0895f69-24cd-11e2-923d-002215f10484}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2012.10.29 21:46:05 | 001,720,254 | R--- | M] (EA Games ) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX: {0544D374-F30A-A0E0-444D-9197061FE51F} - Internet Explorer ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: 
{6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.12.27 17:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2012.12.27 17:11:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi 
[2012.12.27 15:06:32 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\Vag COm
[2012.12.27 15:06:03 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\Call of Duty
[2012.12.22 16:08:24 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Creative
[2012.12.21 18:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2012.12.20 17:45:50 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{9AC39A71-4B00-4C78-9218-95F476AFF617}
[2012.12.19 16:33:01 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\German_Top_100_Single_Charts_01.10.2012
[2012.12.17 20:12:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.12.17 20:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2012.12.17 20:12:14 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Programs
[2012.12.13 20:31:19 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012.12.13 20:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2012.12.10 17:17:37 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.12.10 17:17:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.12.10 17:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.12.10 17:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.12.07 17:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2012.12.28 14:42:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1060166142-3853400420-3138952965-1000UA.job
[2012.12.28 14:25:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.28 13:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.28 13:48:01 | 000,013,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.28 13:48:01 | 000,013,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.28 12:42:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1060166142-3853400420-3138952965-1000Core.job
[2012.12.28 11:58:08 | 587,843,165 | ---- | M] () -- C:\Windows\System32\cwlog.dtl
[2012.12.28 11:48:25 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.28 11:47:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.28 11:47:43 | 2616,496,128 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.27 17:37:19 | 000,054,664 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000005-00000000-00000000-00001102-00000005-00311102}.rfx
[2012.12.27 17:37:19 | 000,054,664 | ---- | M] () -- C:\Windows\System32\BMXState-{00000005-00000000-00000000-00001102-00000005-00311102}.rfx
[2012.12.27 17:37:19 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000005-00000000-00000000-00001102-00000005-00311102}.rfx
[2012.12.27 17:22:34 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.12.26 22:44:19 | 000,013,730 | ---- | M] () -- C:\Users\Kevin\Desktop\einladung.ods
[2012.12.24 12:58:15 | 000,294,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.22 14:43:29 | 000,002,487 | ---- | M] () -- C:\Users\Kevin\Desktop\Google Chrome.lnk
[2012.12.21 17:58:15 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.21 17:58:15 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.21 17:58:15 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.21 17:58:15 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.21 17:56:41 | 000,162,540 | ---- | M] () -- C:\Users\Kevin\Documents\dffd.xps
[2012.12.20 17:52:53 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.12.20 17:40:57 | 000,000,000 | -H-- | M] () -- C:\Users\Kevin\Documents\Default.rdp

========== Files Created - No Company Name ==========

[2012.12.26 22:44:18 | 000,013,730 | ---- | C] () -- C:\Users\Kevin\Desktop\einladung.ods
[2012.12.21 17:56:41 | 000,162,540 | ---- | C] () -- C:\Users\Kevin\Documents\dffd.xps
[2012.12.20 17:40:57 | 000,000,000 | -H-- | C] () -- C:\Users\Kevin\Documents\Default.rdp
[2012.11.27 17:29:34 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2012.11.23 20:06:34 | 000,245,424 | ---- | C] () -- C:\Users\Kevin\12770112.mp4
[2012.11.23 20:04:50 | 003,999,744 | ---- | C] () -- C:\Users\Kevin\12503808_truncated.mp4
[2012.11.23 20:02:06 | 000,003,422 | ---- | C] () -- C:\Users\Kevin\report.html
[2012.11.23 20:02:01 | 001,287,577 | ---- | C] () -- C:\Users\Kevin\12503808.mp4
[2012.11.23 20:02:01 | 000,301,112 | ---- | C] () -- C:\Users\Kevin\logfile.html
[2012.09.06 15:03:36 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2012.09.06 15:03:36 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2012.09.06 15:03:32 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2012.09.06 15:03:32 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2012.09.06 15:03:10 | 000,006,504 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2012.08.06 15:39:46 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012.08.06 15:38:19 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.08.05 12:50:45 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2012.08.05 12:50:45 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2012.08.05 12:50:16 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIGER.DLL
[2012.08.04 17:02:00 | 002,169,856 | -HS- | C] () -- C:\Windows\System32\hale.exe
[2012.08.04 16:23:14 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012.08.04 16:23:14 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012.08.04 16:23:14 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012.08.04 16:23:14 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.11.02 12:59:18 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DAEMON Tools Lite
[2012.08.28 18:42:52 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Foxit Software
[2012.11.27 17:29:45 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\FreeAudioPack
[2012.11.15 17:37:06 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\OpenOffice.org
[2012.09.11 12:51:07 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Origin
[2012.09.08 12:40:00 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\TuneUp Software
[2012.11.02 13:11:13 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\UseNeXT
[2012.08.10 12:49:33 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\wargaming.net

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012.09.08 12:43:19 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.12.28 11:47:42 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2002.01.01 14:40:27 | 000,000,000 | -H-D | M] -- C:\ExpressGate
[2012.09.06 20:07:45 | 000,000,000 | -H-D | M] -- C:\ExpressGateUtil
[2012.08.05 12:41:12 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.27 17:23:15 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.21 18:02:58 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.08.04 15:46:08 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.12.28 14:51:53 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.08.05 12:43:00 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.21 17:45:19 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 05:53:46 | 000,031,364 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012.08.04 16:33:10 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.08.24 17:27:38 | 000,001,068 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060166142-3853400420-3138952965-1000Core.job
[2012.08.24 17:27:39 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060166142-3853400420-3138952965-1000UA.job
[2012.09.07 15:20:22 | 000,001,092 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.09.07 15:20:23 | 000,001,096 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< MD5 for: AGP440.SYS >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: IASTORV.SYS >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: USER32.DLL >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\ProgramData\Microsoft\Windows\SXS\32\user32.dll
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Users\All Users\Microsoft\Windows\SXS\32\user32.dll
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=BE8C64439F1E2AF088063218C16EB9FE -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 13:17:54 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=1562571D6B1541098E677C3BB78709A0 -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\ProgramData\Microsoft\Windows\SXS\32\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Users\All Users\Microsoft\Windows\SXS\32\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[2010.11.20 13:21:24 | 000,193,536 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\sppcomapi.dll

< %USERPROFILE%\*.* >
[2012.11.23 20:05:22 | 001,287,577 | ---- | M] () -- C:\Users\Kevin\12503808.mp4
[2012.11.23 20:04:51 | 003,999,744 | ---- | M] () -- C:\Users\Kevin\12503808_truncated.mp4
[2012.11.23 20:06:40 | 000,245,424 | ---- | M] () -- C:\Users\Kevin\12770112.mp4
[2012.11.23 20:06:40 | 000,301,112 | ---- | M] () -- C:\Users\Kevin\logfile.html
[2012.12.28 14:51:54 | 001,835,008 | -HS- | M] () -- C:\Users\Kevin\ntuser.dat
[2012.12.28 14:51:54 | 000,262,144 | -HS- | M] () -- C:\Users\Kevin\ntuser.dat.LOG1
[2012.08.04 15:46:15 | 000,000,000 | -HS- | M] () -- C:\Users\Kevin\ntuser.dat.LOG2
[2012.08.04 16:24:52 | 000,065,536 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2012.08.04 16:24:52 | 000,524,288 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2012.08.04 16:24:52 | 000,524,288 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2012.12.20 18:16:42 | 000,065,536 | -HS- | M] () -- C:\Users\Kevin\ntuser.dat{92cd3707-4ac4-11e2-9912-002215f10484}.TM.blf
[2012.12.20 18:16:42 | 000,524,288 | -HS- | M] () -- C:\Users\Kevin\ntuser.dat{92cd3707-4ac4-11e2-9912-002215f10484}.TMContainer00000000000000000001.regtrans-ms
[2012.12.20 18:16:42 | 000,524,288 | -HS- | M] () -- C:\Users\Kevin\ntuser.dat{92cd3707-4ac4-11e2-9912-002215f10484}.TMContainer00000000000000000002.regtrans-ms
[2012.08.04 15:46:15 | 000,000,020 | -HS- | M] () -- C:\Users\Kevin\ntuser.ini
[2012.11.23 20:06:40 | 000,003,422 | ---- | M] () -- C:\Users\Kevin\report.html

< %USERPROFILE%\Local Settings\Temp\*.exe >
[2012.06.06 08:51:38 | 003,151,392 | ---- | M] (Foxit Corporation) -- C:\Users\Kevin\Local Settings\Temp\Foxit Updater.exe
[18 C:\Users\Kevin\Local Settings\Temp\*.tmp files -> C:\Users\Kevin\Local Settings\Temp\*.tmp -> ]

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< >

< End of report >

OTL Logfile:
OTL Extras logfile created on: 28.12.2012 14:50:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kevin\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 62,14% Memory free
6,50 Gb Paging File | 5,24 Gb Available in Paging File | 80,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,19 Gb Total Space | 172,05 Gb Free Space | 56,75% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 184,49 Gb Free Space | 62,97% Space Free | Partition Type: NTFS
Drive E: | 6,44 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 3,44 Gb Total Space | 0,04 Gb Free Space | 1,22% Space Free | Partition Type: FAT32

Computer Name: KEVIN | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04121AA0-5BD2-43F4-B44F-ADA12A40634A}" = rport=138 | protocol=17 | dir=out | app=system |
"{0628B839-E4E0-4413-B62F-9F4835D2B3F9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0B6B08CA-E45C-4DCF-A88D-2633D000C5E3}" = rport=445 | protocol=6 | dir=out | app=system |
"{19F74153-F8E7-4483-8BC5-C3CA3C423483}" = lport=137 | protocol=17 | dir=in | app=system |
"{29B9AEB7-5C7C-4E6E-8333-1D08D8676700}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{32AE8BA7-209C-4111-9EEC-7C873E9B7AE6}" = rport=139 | protocol=6 | dir=out | app=system |
"{4301FBD2-2F58-41A3-AB24-EE867F39D040}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{48C2748E-947C-4BE4-B70E-19534930AE55}" = rport=137 | protocol=17 | dir=out | app=system |
"{48C461F4-2289-49C0-A21E-310DE6A10BBA}" = lport=139 | protocol=6 | dir=in | app=system |
"{57251845-9E6A-468C-890E-00D49E3D1F6F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5C7CB334-E42E-4BEA-8DCB-9B2C23A0FA43}" = lport=138 | protocol=17 | dir=in | app=system |
"{6B3137B5-0B39-4342-912A-68B74A5614A2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6C8B280B-7300-4AFF-8A80-6E8F2F483958}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7CE90054-1E56-4018-87DB-DC9C0373E15A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{87339EB2-C695-4296-A902-13CB3D552146}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9459988E-6778-4BA6-A460-96CAA93ED6C5}" = lport=445 | protocol=6 | dir=in | app=system |
"{9A35F3D5-C9F4-4494-A983-C646059CDFB5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A1FB0314-9CB1-49A7-B44F-4EF20AC359AF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{ABF03EE5-F599-4B33-8275-A862F9DF0923}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C6C0F8A4-4AE9-482F-B675-33C6574C9CA2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DAFC16C7-CB12-468F-AEFA-3A81C12F7A4F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DDBF9627-46D1-41DE-A6A1-1C2517CE7392}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E12D4915-4541-47FD-B656-90AF53BDD4DD}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{111ECC03-13F2-4369-A920-0F6BA23BA6AF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{22DBC97F-8CD1-43F0-BFAA-8D06E670113E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3684F542-5ECC-411A-86A5-25A918779D09}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{3A16A507-EBCA-4F28-A521-3C08945D5F68}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3B10ADC9-6489-4B86-89EC-93106D5106BD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{403FEB35-D05B-4853-93F7-570EB4D462D6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4427C367-E626-447A-89A6-F8EA90393F09}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4C6EB0F8-8D79-441D-AFD9-BC9DBC63148E}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{50861BDE-271D-4E4A-B688-34CAC3CF7234}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{621E5191-1E2D-499C-B3D3-D69A06851D17}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6C0AEF5F-0A79-4281-8212-41488DE956E0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{71CF65D6-0CBE-418B-9100-1155508B8017}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{75E9883D-9118-4D85-AFAB-1029A9E1361E}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{AB675B2E-C3F6-4251-AB25-5591F7E14BE7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C130D3EB-2994-4CAD-AB86-A3C8EBBC69D0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C4A8CE1C-FEB6-430C-B763-8FF807C77171}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C7FD9F75-0BDC-4F8E-8EC5-EE02329964ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C88DE297-C384-4F1B-B08E-6CFC911556B4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CAF11385-ACDA-4859-9D27-26504161CFA5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CC62125C-1077-496B-9B48-3B10285291C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D35888B9-57E1-47ED-A1D5-90587BD750C4}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{D6171E41-CD00-4EA4-99CC-073441D7F5EA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E640BC13-8E5D-4347-BE7D-E449CFFD9498}" = protocol=6 | dir=out | app=system |
"{F6CBBF72-0867-484B-8F87-467984F2FD2D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{2030B4BF-50F6-4CAF-BC1E-C08EDF9163CF}C:\users\kevin\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\kevin\appdata\local\akamai\netsession_win.exe |
"TCP Query User{FF81D15E-8EF1-4039-BA50-B80A1333AC2B}C:\program files\ea games\need for speed most wanted\nfs13.exe" = protocol=6 | dir=in | app=c:\program files\ea games\need for speed most wanted\nfs13.exe |
"UDP Query User{06B28774-AA7E-4637-8699-2C867B0BE918}C:\program files\ea games\need for speed most wanted\nfs13.exe" = protocol=17 | dir=in | app=c:\program files\ea games\need for speed most wanted\nfs13.exe |
"UDP Query User{0BCD140B-599C-4C60-8EE2-DFEA77D86C3B}C:\users\kevin\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\kevin\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FC3DCCA5-52FE-4BAB-B495-F3760767E4D1}" = O&O DiskRecovery "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ALchemy" = Creative ALchemy "All Media Fixer 2008_is1" = All Media Fixer 2008 9.07 "AudioCS" = Creative Audio-Systemsteuerung "avast" = avast! 
Free Antivirus "Console Launcher" = Creative Konsole Starter "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties" = Eigenschaften von Creative Sound Blaster "DAEMON Tools Lite" = DAEMON Tools Lite "FormatFactory" = FormatFactory 2.70 "Foxit Reader_is1" = Foxit Reader "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2 "InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Need for Speed Most Wanted_is1" = Need for Speed Most Wanted "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "Origin" = Origin "Picasa 3" = Picasa 3 "TuneUp Utilities 2012" = TuneUp Utilities 2012 "UseNeXT_is1" = UseNeXT "VLC media player" = VLC media player 2.0.4 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.20 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 26.12.2012 10:31:37 | Computer Name = KEVIN | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 14227 Error - 26.12.2012 10:31:38 | Computer Name = KEVIN | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 26.12.2012 10:31:38 | Computer Name = KEVIN | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 15226 Error - 26.12.2012 10:31:38 | Computer Name = KEVIN | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 15226 Error - 26.12.2012 10:31:39 | Computer Name = KEVIN | Source = 
Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 26.12.2012 10:31:39 | Computer Name = KEVIN | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 16224 Error - 26.12.2012 10:31:39 | Computer Name = KEVIN | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 16224 Error - 26.12.2012 10:31:40 | Computer Name = KEVIN | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 26.12.2012 10:31:40 | Computer Name = KEVIN | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 17222 Error - 26.12.2012 10:31:40 | Computer Name = KEVIN | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 17222 [ System Events ] Error - 21.12.2012 12:43:30 | Computer Name = Kevin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden. Error - 21.12.2012 12:43:31 | Computer Name = Kevin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden. Error - 21.12.2012 12:43:31 | Computer Name = Kevin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden. Error - 21.12.2012 12:43:35 | Computer Name = Kevin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden. Error - 21.12.2012 12:43:36 | Computer Name = Kevin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden. Error - 21.12.2012 12:43:36 | Computer Name = Kevin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden. 
Error - 21.12.2012 12:43:37 | Computer Name = Kevin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden. Error - 21.12.2012 12:43:37 | Computer Name = Kevin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden. Error - 21.12.2012 15:01:17 | Computer Name = KEVIN | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 22.12.2012 10:49:27 | Computer Name = KEVIN | Source = DCOM | ID = 10010 Description = [ TuneUp Events ] Error - 08.12.2012 09:41:51 | Computer Name = Kevin-PC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = < End of report > |
28.12.2012, 15:05 | #4 |
| Double post. Edited by gotnos (28.12.2012 at 15:06) Reason: Double post |
28.12.2012, 16:43 | #5 |
/// Malware-holic | Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - if there are findings, always choose skip for now, post the log
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above If you would like to support us |
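The TDSSKiller log requested above has a fixed shape per service or driver: a `[ MD5 ] name path` line followed by one or more verdict lines (`name - ok`, `name ( Tag ) - warning`, `name - detected Tag (n)`). The Python helper below is an added example for reading such a log, not code from this thread, from the forum's helpers or from TDSSKiller itself; the regexes are my own reading of the format (not the tool's grammar), the function and class names are assumptions, and the sample lines are excerpted from the scan log posted in this thread.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Sample input: lines excerpted from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
19:55:30.0114 5396 ================ Scan system memory ========================
19:55:30.0114 5396 System memory - ok
19:55:30.0114 5396 ================ Scan services =============================
19:55:30.0238 5396 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:55:30.0316 5396 1394ohci - ok
19:55:31.0346 5396 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:55:31.0362 5396 Apple Mobile Device - ok
19:55:32.0048 5396 avast! Firewall - ok
19:55:33.0702 5396 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
19:55:33.0717 5396 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
19:55:33.0717 5396 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
19:55:34.0107 5396 [ 07BA6D17E66879018B30B6C3F976EBED ] CTAudSvcService C:\Program Files\Creative\Shared Files\CTAudSvc.exe
19:55:34.0138 5396 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
19:55:34.0138 5396 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
"""

# Every scan line starts with "HH:MM:SS.ffff <pid>"; the patterns below are my own
# reading of the three line shapes seen in the log (hypothetical, not TDSSKiller's grammar).
_PREFIX = r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
# "[ MD5 ] <name with spaces> <drive>:\<path>"
_ENTRY = re.compile(_PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$")
# "<name> - ok" | "<name> ( Tag ) - warning" | "<name> - detected Tag (n)"
_VERDICT = re.compile(
    _PREFIX + r"(?P<name>.+?)(?: \( (?P<tag>[^()]+) \))? - "
    r"(?P<verdict>ok|warning|detected (?P<det>.+?) \(\d+\))$"
)


@dataclass
class ServiceRecord:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    tag: Optional[str] = None          # detection name, e.g. UnsignedFile.Multi.Generic
    verdicts: List[str] = field(default_factory=list)

    @property
    def needs_review(self) -> bool:
        # Anything but a clean "ok" (or no verdict at all, e.g. a truncated log) goes to the analyst.
        return not self.verdicts or any(v != "ok" for v in self.verdicts)


def parse_tdsskiller(text: str) -> Dict[str, ServiceRecord]:
    """Group scan lines by service/driver name, keeping hash, path and all verdicts, in log order."""
    records: Dict[str, ServiceRecord] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _ENTRY.match(line)
        if m:
            rec = records.setdefault(m["name"], ServiceRecord(m["name"]))
            rec.md5 = m["md5"].upper()
            rec.path = m["path"]
            continue
        m = _VERDICT.match(line)
        if m:
            rec = records.setdefault(m["name"], ServiceRecord(m["name"]))
            rec.verdicts.append(f"detected {m['det']}" if m["det"] else m["verdict"])
            if m["tag"]:
                rec.tag = m["tag"]
    return records


def flagged(records: Dict[str, ServiceRecord]) -> List[ServiceRecord]:
    """Entries that are not plainly 'ok', in the order the scanner reported them."""
    return [r for r in records.values() if r.needs_review]


def verdict_counts(records: Dict[str, ServiceRecord]) -> Dict[str, int]:
    """Summary: how many entries were clean and how many carry each detection name."""
    counts: Dict[str, int] = {}
    for r in records.values():
        key = (r.tag or "no verdict") if r.needs_review else "ok"
        counts[key] = counts.get(key, 0) + 1
    return counts


def hashes_for_review(records: Dict[str, ServiceRecord]) -> Dict[str, str]:
    """MD5 -> path for flagged files, ready to be checked against a known-good list offline."""
    return {r.md5: r.path for r in flagged(records) if r.md5}


if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE_LOG)
    print("summary:", verdict_counts(recs))
    for r in flagged(recs):
        print(f"REVIEW {r.name}: {r.verdicts} md5={r.md5} path={r.path}")
```

A `UnsignedFile.Multi.Generic` warning only says the file carries no valid digital signature (the check enabled with "Verify driver digital signatures"); it is a prompt to verify vendor, path and hash, not a confirmed detection, which is why the post above says to choose skip first and post the log.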
28.12.2012, 19:56 | #6 |
| Code:
ATTFilter 19:55:00.0418 3976 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 19:55:00.0823 3976 ============================================================ 19:55:00.0823 3976 Current date / time: 2012/12/28 19:55:00.0823 19:55:00.0823 3976 SystemInfo: 19:55:00.0823 3976 19:55:00.0823 3976 OS Version: 6.1.7601 ServicePack: 1.0 19:55:00.0823 3976 Product type: Workstation 19:55:00.0823 3976 ComputerName: KEVIN 19:55:00.0823 3976 UserName: Kevin 19:55:00.0823 3976 Windows directory: C:\Windows 19:55:00.0823 3976 System windows directory: C:\Windows 19:55:00.0823 3976 Processor architecture: Intel x86 19:55:00.0823 3976 Number of processors: 2 19:55:00.0823 3976 Page size: 0x1000 19:55:00.0823 3976 Boot type: Normal boot 19:55:00.0823 3976 ============================================================ 19:55:05.0029 3976 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 19:55:05.0036 3976 Drive \Device\Harddisk2\DR2 - Size: 0xF4FC8000 (3.83 Gb), SectorSize: 0x200, Cylinders: 0x1F3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 19:55:05.0044 3976 ============================================================ 19:55:05.0044 3976 \Device\Harddisk0\DR0: 19:55:05.0044 3976 MBR partitions: 19:55:05.0044 3976 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x249F16E6 19:55:05.0055 3976 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x249F1764, BlocksNum 0x25E6189C 19:55:05.0055 3976 \Device\Harddisk2\DR2: 19:55:05.0056 3976 MBR partitions: 19:55:05.0056 3976 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x3E, BlocksNum 0x6E47C2 19:55:05.0056 3976 ============================================================ 19:55:05.0070 3976 C: <-> \Device\Harddisk0\DR0\Partition2 19:55:05.0098 3976 D: <-> \Device\Harddisk0\DR0\Partition1 19:55:05.0098 3976 
============================================================ 19:55:05.0098 3976 Initialize success 19:55:05.0098 3976 ============================================================ 19:55:28.0694 5396 ============================================================ 19:55:28.0694 5396 Scan started 19:55:28.0694 5396 Mode: Manual; SigCheck; TDLFS; 19:55:28.0694 5396 ============================================================ 19:55:30.0114 5396 ================ Scan system memory ======================== 19:55:30.0114 5396 System memory - ok 19:55:30.0114 5396 ================ Scan services ============================= 19:55:30.0238 5396 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 19:55:30.0316 5396 1394ohci - ok 19:55:30.0348 5396 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys 19:55:30.0363 5396 ACPI - ok 19:55:30.0379 5396 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 19:55:30.0394 5396 AcpiPmi - ok 19:55:30.0472 5396 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 19:55:30.0488 5396 AdobeFlashPlayerUpdateSvc - ok 19:55:30.0535 5396 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 19:55:30.0550 5396 adp94xx - ok 19:55:30.0566 5396 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 19:55:30.0582 5396 adpahci - ok 19:55:30.0582 5396 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 19:55:30.0597 5396 adpu320 - ok 19:55:30.0613 5396 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 19:55:30.0644 5396 AeLookupSvc - ok 19:55:30.0722 5396 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys 19:55:30.0753 5396 AFD - ok 19:55:30.0769 5396 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys 
19:55:30.0784 5396 agp440 - ok 19:55:30.0784 5396 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 19:55:30.0800 5396 aic78xx - ok 19:55:30.0831 5396 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 19:55:30.0847 5396 ALG - ok 19:55:30.0862 5396 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys 19:55:30.0862 5396 aliide - ok 19:55:30.0878 5396 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys 19:55:30.0894 5396 amdagp - ok 19:55:30.0894 5396 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys 19:55:30.0909 5396 amdide - ok 19:55:30.0909 5396 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 19:55:30.0925 5396 AmdK8 - ok 19:55:30.0940 5396 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 19:55:30.0956 5396 AmdPPM - ok 19:55:30.0987 5396 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys 19:55:31.0003 5396 amdsata - ok 19:55:31.0034 5396 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 19:55:31.0050 5396 amdsbs - ok 19:55:31.0050 5396 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys 19:55:31.0065 5396 amdxata - ok 19:55:31.0096 5396 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys 19:55:31.0112 5396 AppID - ok 19:55:31.0128 5396 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll 19:55:31.0174 5396 AppIDSvc - ok 19:55:31.0221 5396 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll 19:55:31.0252 5396 Appinfo - ok 19:55:31.0346 5396 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 19:55:31.0362 5396 Apple Mobile Device - ok 19:55:31.0393 5396 [ A45D184DF6A8803DA13A0B329517A64A ] 
AppMgmt C:\Windows\System32\appmgmts.dll 19:55:31.0408 5396 AppMgmt - ok 19:55:31.0408 5396 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys 19:55:31.0424 5396 arc - ok 19:55:31.0424 5396 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 19:55:31.0440 5396 arcsas - ok 19:55:31.0486 5396 [ 2B4E66FAC6503494A2C6F32BB6AB3826 ] AsIO C:\Windows\system32\drivers\AsIO.sys 19:55:31.0502 5396 AsIO - ok 19:55:31.0518 5396 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys 19:55:31.0533 5396 aswFsBlk - ok 19:55:31.0580 5396 [ 31E0D16EB06D09A248AFF20C76F9091B ] aswKbd C:\Windows\system32\drivers\aswKbd.sys 19:55:31.0596 5396 aswKbd - ok 19:55:31.0642 5396 [ 62F9DCEC95F91B8E0203E85D344A7E65 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 19:55:31.0658 5396 aswMonFlt - ok 19:55:31.0674 5396 [ 81F638A2DD94ABBF0B43880AB38D8DBD ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys 19:55:31.0674 5396 aswRdr - ok 19:55:31.0720 5396 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 19:55:31.0736 5396 aswSnx - ok 19:55:31.0752 5396 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\Windows\system32\drivers\aswSP.sys 19:55:31.0767 5396 aswSP - ok 19:55:31.0783 5396 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\Windows\system32\drivers\aswTdi.sys 19:55:31.0783 5396 aswTdi - ok 19:55:31.0798 5396 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 19:55:31.0830 5396 AsyncMac - ok 19:55:31.0861 5396 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys 19:55:31.0861 5396 atapi - ok 19:55:31.0908 5396 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 19:55:31.0954 5396 AudioEndpointBuilder - ok 19:55:31.0970 5396 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll 19:55:32.0001 5396 Audiosrv - ok 19:55:32.0032 5396 [ 
8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 19:55:32.0048 5396 avast! Antivirus - ok 19:55:32.0048 5396 avast! Firewall - ok 19:55:32.0095 5396 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll 19:55:32.0126 5396 AxInstSV - ok 19:55:32.0157 5396 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys 19:55:32.0188 5396 b06bdrv - ok 19:55:32.0220 5396 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 19:55:32.0235 5396 b57nd60x - ok 19:55:32.0266 5396 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 19:55:32.0282 5396 BDESVC - ok 19:55:32.0313 5396 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 19:55:32.0344 5396 Beep - ok 19:55:32.0376 5396 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll 19:55:32.0422 5396 BFE - ok 19:55:32.0454 5396 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll 19:55:32.0485 5396 BITS - ok 19:55:32.0500 5396 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 19:55:32.0516 5396 blbdrive - ok 19:55:32.0578 5396 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 19:55:32.0594 5396 Bonjour Service - ok 19:55:32.0610 5396 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 19:55:32.0625 5396 bowser - ok 19:55:32.0641 5396 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 19:55:32.0672 5396 BrFiltLo - ok 19:55:32.0688 5396 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 19:55:32.0719 5396 BrFiltUp - ok 19:55:32.0734 5396 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll 19:55:32.0750 5396 Browser - ok 19:55:32.0766 5396 [ 845B8CE732E67F3B4133164868C666EA ] Brserid 
C:\Windows\System32\Drivers\Brserid.sys 19:55:32.0781 5396 Brserid - ok 19:55:32.0797 5396 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 19:55:32.0812 5396 BrSerWdm - ok 19:55:32.0828 5396 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 19:55:32.0844 5396 BrUsbMdm - ok 19:55:32.0859 5396 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 19:55:32.0890 5396 BrUsbSer - ok 19:55:32.0890 5396 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 19:55:32.0906 5396 BTHMODEM - ok 19:55:32.0953 5396 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll 19:55:32.0984 5396 bthserv - ok 19:55:33.0015 5396 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 19:55:33.0031 5396 cdfs - ok 19:55:33.0093 5396 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 19:55:33.0124 5396 cdrom - ok 19:55:33.0156 5396 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll 19:55:33.0187 5396 CertPropSvc - ok 19:55:33.0234 5396 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 19:55:33.0249 5396 circlass - ok 19:55:33.0265 5396 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys 19:55:33.0280 5396 CLFS - ok 19:55:33.0343 5396 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 19:55:33.0358 5396 clr_optimization_v2.0.50727_32 - ok 19:55:33.0405 5396 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 19:55:33.0421 5396 clr_optimization_v4.0.30319_32 - ok 19:55:33.0421 5396 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 19:55:33.0436 5396 CmBatt - ok 19:55:33.0452 5396 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] 
cmdide C:\Windows\system32\drivers\cmdide.sys 19:55:33.0468 5396 cmdide - ok 19:55:33.0499 5396 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys 19:55:33.0514 5396 CNG - ok 19:55:33.0530 5396 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 19:55:33.0530 5396 Compbatt - ok 19:55:33.0561 5396 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 19:55:33.0592 5396 CompositeBus - ok 19:55:33.0608 5396 COMSysApp - ok 19:55:33.0624 5396 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 19:55:33.0639 5396 crcdisk - ok 19:55:33.0702 5396 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe 19:55:33.0717 5396 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning 19:55:33.0717 5396 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1) 19:55:33.0733 5396 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe 19:55:33.0764 5396 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning 19:55:33.0764 5396 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1) 19:55:33.0795 5396 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll 19:55:33.0811 5396 CryptSvc - ok 19:55:33.0842 5396 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys 19:55:33.0858 5396 CSC - ok 19:55:33.0889 5396 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll 19:55:33.0920 5396 CscService - ok 19:55:33.0951 5396 [ B9106942EB5DD0E034AB40A9D48D056E ] CT20XUT C:\Windows\system32\drivers\CT20XUT.SYS 19:55:33.0951 5396 CT20XUT - ok 19:55:33.0982 5396 [ B9106942EB5DD0E034AB40A9D48D056E ] CT20XUT.SYS 
C:\Windows\System32\drivers\CT20XUT.SYS 19:55:33.0998 5396 CT20XUT.SYS - ok 19:55:34.0029 5396 [ F2B1D0A3D21BD0D9F46457CBCEC1A0E9 ] ctac32k C:\Windows\system32\drivers\ctac32k.sys 19:55:34.0045 5396 ctac32k - ok 19:55:34.0060 5396 [ 44F60A5E3C3A8A6BBA4C280948EA6095 ] ctaud2k C:\Windows\system32\drivers\ctaud2k.sys 19:55:34.0060 5396 ctaud2k - ok 19:55:34.0107 5396 [ 07BA6D17E66879018B30B6C3F976EBED ] CTAudSvcService C:\Program Files\Creative\Shared Files\CTAudSvc.exe 19:55:34.0138 5396 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning 19:55:34.0138 5396 CTAudSvcService - detected UnsignedFile.Multi.Generic (1) 19:55:34.0154 5396 [ 8CBE82D6BBF206E144F22CB33FAB1F2C ] ctdvda2k C:\Windows\system32\drivers\ctdvda2k.sys 19:55:34.0170 5396 ctdvda2k - ok 19:55:34.0185 5396 [ 4AE083D16AC9FC9BDF98498F93426226 ] CTEXFIFX C:\Windows\system32\drivers\CTEXFIFX.SYS 19:55:34.0216 5396 CTEXFIFX - ok 19:55:34.0248 5396 [ 4AE083D16AC9FC9BDF98498F93426226 ] CTEXFIFX.SYS C:\Windows\System32\drivers\CTEXFIFX.SYS 19:55:34.0263 5396 CTEXFIFX.SYS - ok 19:55:34.0279 5396 [ B610BFE02F9FC0CB0B1CDE3EC4C13FFA ] CTHWIUT C:\Windows\system32\drivers\CTHWIUT.SYS 19:55:34.0279 5396 CTHWIUT - ok 19:55:34.0294 5396 [ B610BFE02F9FC0CB0B1CDE3EC4C13FFA ] CTHWIUT.SYS C:\Windows\System32\drivers\CTHWIUT.SYS 19:55:34.0294 5396 CTHWIUT.SYS - ok 19:55:34.0310 5396 [ F0F19A13C948E5289601E354B08E0941 ] ctprxy2k C:\Windows\system32\drivers\ctprxy2k.sys 19:55:34.0310 5396 ctprxy2k - ok 19:55:34.0326 5396 [ C7B2C36A6203A5F3D0A378FD78C5DDD6 ] ctsfm2k C:\Windows\system32\drivers\ctsfm2k.sys 19:55:34.0341 5396 ctsfm2k - ok 19:55:34.0357 5396 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll 19:55:34.0372 5396 DcomLaunch - ok 19:55:34.0404 5396 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 19:55:34.0435 5396 defragsvc - ok 19:55:34.0466 5396 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 19:55:34.0497 5396 DfsC - ok 
19:55:34.0544 5396 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll 19:55:34.0560 5396 Dhcp - ok 19:55:34.0575 5396 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys 19:55:34.0622 5396 discache - ok 19:55:34.0669 5396 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys 19:55:34.0669 5396 Disk - ok 19:55:34.0684 5396 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 19:55:34.0716 5396 Dnscache - ok 19:55:34.0747 5396 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll 19:55:34.0778 5396 dot3svc - ok 19:55:34.0809 5396 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll 19:55:34.0840 5396 DPS - ok 19:55:34.0872 5396 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 19:55:34.0887 5396 drmkaud - ok 19:55:34.0934 5396 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 19:55:34.0950 5396 dtsoftbus01 - ok 19:55:34.0981 5396 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 19:55:34.0996 5396 DXGKrnl - ok 19:55:35.0012 5396 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 19:55:35.0059 5396 EapHost - ok 19:55:35.0137 5396 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 19:55:35.0230 5396 ebdrv - ok 19:55:35.0246 5396 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe 19:55:35.0277 5396 EFS - ok 19:55:35.0308 5396 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 19:55:35.0340 5396 ehRecvr - ok 19:55:35.0371 5396 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe 19:55:35.0371 5396 ehSched - ok 19:55:35.0402 5396 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 19:55:35.0418 5396 elxstor - ok 19:55:35.0433 5396 [ FB2D6D4D14AE801F5267B0368FC0CB0C 
C:\Windows\System32\wlansvc.dll 19:55:49.0785 5396 Wlansvc - ok 19:55:49.0863 5396 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 19:55:49.0910 5396 wlidsvc - ok 19:55:49.0926 5396 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 19:55:49.0957 5396 WmiAcpi - ok 19:55:49.0972 5396 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 19:55:49.0988 5396 wmiApSrv - ok 19:55:50.0035 5396 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 19:55:50.0082 5396 WMPNetworkSvc - ok 19:55:50.0097 5396 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 19:55:50.0113 5396 WPCSvc - ok 19:55:50.0128 5396 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 19:55:50.0160 5396 WPDBusEnum - ok 19:55:50.0191 5396 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 19:55:50.0222 5396 ws2ifsl - ok 19:55:50.0238 5396 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 19:55:50.0269 5396 wscsvc - ok 19:55:50.0269 5396 WSearch - ok 19:55:50.0316 5396 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 19:55:50.0378 5396 wuauserv - ok 19:55:50.0394 5396 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 19:55:50.0409 5396 WudfPf - ok 19:55:50.0440 5396 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 19:55:50.0456 5396 WUDFRd - ok 19:55:50.0503 5396 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 19:55:50.0518 5396 wudfsvc - ok 19:55:50.0518 5396 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 19:55:50.0550 5396 WwanSvc - ok 19:55:50.0550 5396 ================ Scan global =============================== 19:55:50.0581 5396 [ 
DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 19:55:50.0596 5396 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll 19:55:50.0612 5396 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll 19:55:50.0643 5396 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 19:55:50.0659 5396 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 19:55:50.0659 5396 [Global] - ok 19:55:50.0659 5396 ================ Scan MBR ================================== 19:55:50.0674 5396 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 19:55:50.0940 5396 \Device\Harddisk0\DR0 - ok 19:55:50.0940 5396 [ 0792F22BCC85CFD3B28324561FFFCABB ] \Device\Harddisk2\DR2 19:56:01.0080 5396 \Device\Harddisk2\DR2 - ok 19:56:01.0080 5396 ================ Scan VBR ================================== 19:56:01.0111 5396 [ 56A24E1F744BE3811C1042B42BFBED8F ] \Device\Harddisk0\DR0\Partition1 19:56:01.0111 5396 \Device\Harddisk0\DR0\Partition1 - ok 19:56:01.0126 5396 [ D82ECC855B45BC68268875C12271FA92 ] \Device\Harddisk0\DR0\Partition2 19:56:01.0126 5396 \Device\Harddisk0\DR0\Partition2 - ok 19:56:01.0126 5396 [ 62568915906CBFFD1100431D7BF8A99C ] \Device\Harddisk2\DR2\Partition1 19:56:01.0126 5396 \Device\Harddisk2\DR2\Partition1 - ok 19:56:01.0126 5396 ============================================================ 19:56:01.0126 5396 Scan finished 19:56:01.0126 5396 ============================================================ 19:56:01.0142 0816 Detected object count: 4 19:56:01.0142 0816 Actual detected object count: 4 19:56:09.0051 0816 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 19:56:09.0051 0816 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:56:09.0051 0816 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 19:56:09.0051 0816 Creative Audio Engine Licensing Service ( 
UnsignedFile.Multi.Generic ) - User select action: Skip 19:56:09.0051 0816 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user 19:56:09.0051 0816 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:56:09.0051 0816 sppuinotify ( UnsignedFile.Multi.Generic ) - skipped by user 19:56:09.0051 0816 sppuinotify ( UnsignedFile.Multi.Generic ) - User select action: Skip |
29.12.2012, 23:36 | #7 |
| Find.exe cmd.exe hale.exe and PC slow - Help |
31.12.2012, 14:12 | #8 |
| Find.exe cmd.exe hale.exe and PC slow - I need help, my computer keeps getting slower.. |
03.01.2013, 16:30 | #9 | |
/// Malware-holic | Find.exe cmd.exe hale.exe and PC slow - Next time just read it; my signature says exactly why you didn't get any help over the holidays... ComboFix: ComboFix may only be run when a team member has told you to do so! Please download ComboFix from one of these download mirrors Link 1 Link 2 IMPORTANT - Save ComboFix to your desktop
When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above If you would like to support us |
03.01.2013, 16:53 | #10 |
| Find.exe cmd.exe hale.exe and PC slow - Code:
ComboFix 13-01-03.03 - Kevin 03.01.2013 16:34:56.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1033.18.3327.2336 [GMT 1:00]
run from:: c:\users\Kevin\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\XSxS
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Copy from - c:\combofix\HarddiskVolumeShadowCopy11_!Windows!winsxs!x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500!winlogon.exe was restored
.
Infected copy of c:\windows\System32\slui.exe was found and disinfected
Copy from - c:\windows\winsxs\x86_microsoft-windows-security-spp-ux_31bf3856ad364e35_6.1.7601.17514_none_5dc908a6fd144a83\slui.exe was restored
.
.
((((((((((((((((((((((( Files created from 2012-12-03 to 2013-01-03 ))))))))))))))))))))))))))))))
.
.
2013-01-03 15:46 . 2013-01-03 15:46 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-03 15:46 . 2013-01-03 15:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-02 13:54 . 2013-01-02 13:54 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F36FD5B-5EC7-4562-9D54-277928C01547}\offreg.dll
2013-01-02 13:44 . 2013-01-02 13:44 -------- d-----w- c:\program files\Lavalys
2013-01-02 13:10 . 2013-01-02 13:10 -------- d-----w- c:\users\Kevin\VirtualBox VMs
2013-01-02 13:10 . 2013-01-02 13:10 -------- d-----w- c:\users\Kevin\AppData\Roaming\NVIDIA
2013-01-02 13:10 . 2013-01-02 15:10 -------- d-----w- c:\users\Kevin\.VirtualBox
2013-01-02 13:10 . 2012-12-19 14:36 188328 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2013-01-02 13:09 . 2012-12-19 14:35 94632 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2013-01-01 20:24 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F36FD5B-5EC7-4562-9D54-277928C01547}\mpengine.dll
2012-12-28 10:52 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-12-28 10:52 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2012-12-28 10:52 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2012-12-28 10:52 . 2012-08-24 16:57 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-12-28 10:52 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2012-12-28 10:52 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-12-22 15:57 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 15:57 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 15:08 . 2012-12-22 15:08 -------- d-----w- c:\users\Kevin\AppData\Roaming\Creative
2012-12-21 17:02 . 2012-12-21 17:02 -------- d-----w- c:\programdata\Hewlett-Packard
2012-12-20 17:01 . 2012-11-22 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-12-20 16:59 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-19 14:36 . 2012-12-19 14:36 104872 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-12-17 19:12 . 2012-12-20 16:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-12-17 19:12 . 2012-12-20 16:50 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-12-17 19:12 . 2012-12-17 19:12 -------- d-----w- c:\users\Kevin\AppData\Local\Programs
2012-12-13 19:24 . 2012-12-20 16:50 -------- d-----w- c:\program files\Steam
2012-12-10 16:17 . 2012-12-10 16:17 -------- d-----w- c:\windows\Sun
2012-12-10 16:17 . 2012-12-10 16:17 -------- d-----w- c:\program files\Common Files\Java
2012-12-10 16:17 . 2012-12-10 16:17 -------- d-----w- c:\program files\Java
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-20 19:55 . 2012-08-04 15:33 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-20 19:55 . 2012-08-04 15:33 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-19 18:32 . 2012-11-19 18:32 335872 ----a-r- c:\users\Kevin\AppData\Roaming\Microsoft\Installer\{FC3DCCA5-52FE-4BAB-B495-F3760767E4D1}\NewShortcut1_1B77C7148529485093387D9DB12862D9.exe
2012-11-19 18:32 . 2012-11-19 18:32 335872 ----a-r- c:\users\Kevin\AppData\Roaming\Microsoft\Installer\{FC3DCCA5-52FE-4BAB-B495-F3760767E4D1}\ARPPRODUCTICON.exe
2012-11-02 11:56 . 2012-11-02 11:56 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-10-30 22:51 . 2012-08-05 11:10 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-08-05 11:10 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-08-05 11:10 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-08-05 11:10 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-08-05 11:10 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-08-05 11:09 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-08-05 11:09 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-16 07:39 . 2012-11-29 17:02 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 16:59 . 2012-08-05 11:10 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-10 20:15 . 2012-10-10 20:15 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-10 20:15 . 2012-10-10 20:15 2574696 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-10 20:14 . 2012-10-10 20:14 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-10-10 20:14 . 2009-07-13 22:09 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-10-10 20:14 . 2012-10-10 20:14 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-10 20:14 . 2012-08-05 11:41 2428776 ----a-w- c:\windows\system32\nvapi.dll
2012-10-10 20:14 . 2012-10-10 20:14 7697768 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-10 20:14 . 2012-10-10 20:14 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 20:14 . 2012-10-10 20:14 19906920 ----a-w- c:\windows\system32\nvoglv32.dll
2012-10-10 20:14 . 2012-08-05 11:41 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-10-10 20:14 . 2012-10-10 20:14 6127464 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-10 20:14 . 2012-08-05 11:41 15309160 ----a-w- c:\windows\system32\nvd3dum.dll
2012-10-09 17:40 . 2012-11-15 12:18 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 12:18 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-29 08:26 . 2002-01-02 16:06 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-08-04 16:02 2169856 --sha-w- c:\windows\System32\hale.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . BE8C64439F1E2AF088063218C16EB9FE . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Kevin\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Chew7Hale"="c:\windows\System32\hale.exe" [2012-08-04 2169856]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
.
c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VAWinAgent"=c:\expressgateutil\VAWinAgent.exe
"CTxfiHlp"=CTXFIHLP.EXE
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [x]
.
.
--- Other services/drivers in memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
.
Contents of the "Scheduled Tasks" folder
.
2013-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 19:55]
.
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-07 14:20]
.
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-07 14:20]
.
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060166142-3853400420-3138952965-1000Core.job
- c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-24 16:27]
.
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060166142-3853400420-3138952965-1000UA.job
- c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-24 16:27]
.
.
------- Additional scan -------
.
uStart Page = hxxp://de.ask.com/?l=dis&o=14597
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={7E159878-2A9F-11E2-B2D2-002215F10484}
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.178.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\61abiv07.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.bvb.de/
FF - ExtSQL: 2012-11-05 12:07; DivXWebPlayer@divx.com; c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\61abiv07.default\extensions\DivXWebPlayer@divx.com.xpi
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
--------------------- Locked registry keys ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AUDIODG.EXE
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\sppsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Google\Update\1.3.21.124\GoogleCrashHandler.exe
c:\windows\system32\conhost.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2013-01-03 16:52:12 - PC was restarted
ComboFix-quarantined-files.txt 2013-01-03 15:52
.
Before scan: 6 directory(ies), 153.655.418.880 bytes free
After scan: 11 directory(ies), 153.656.315.904 bytes free
.
- - End Of File - - C1B6F316586AC95FAEFD10BEFF77F290 |
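As an added example (the editor's code, not ComboFix's and not posted in the thread), the script below parses the line formats of the ComboFix log above and surfaces the four things a reviewer would pull out of it: an executable carrying hidden+system attributes under System32 (`--sha-w- c:\windows\System32\hale.exe`), an active HKLM Run entry that launches it (`"Chew7Hale"`), a Sigcheck pair in which the live `user32.dll` has a different MD5 than the WinSxS copy of the very same version, and the UAC policy values (`EnableLUA`=0, `ConsentPromptBehaviorAdmin`=0) that mean nothing on this machine asks before elevating. `SAMPLE_LOG` is constructed to mirror those lines and is not a real capture; the `[-]`/`[7]` markers ComboFix prints are matched but not interpreted, only MD5/version pairs are compared; and the "user-writable path" hint for Run entries is deliberately weak, it also catches legitimate updaters such as the Akamai entry.

```python
# Added example (editor's code, not ComboFix's): triage a ComboFix-style log for the
# indicators visible in the thread. SAMPLE_LOG is constructed to mirror the log's line formats.
import re
from collections import defaultdict

SAMPLE_LOG = r"""
2012-12-28 10:52 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2012-08-04 16:02 2169856 --sha-w- c:\windows\System32\hale.exe
.
------- Sigcheck -------
[-] 2010-11-20 . BE8C64439F1E2AF088063218C16EB9FE . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Kevin\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Chew7Hale"="c:\windows\System32\hale.exe" [2012-08-04 2169856]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"""

DATE = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
# File record: "<mtime> [. <ctime>] <size|--------> <attrs> <path>"; attrs letters: d s h a r w
FILE_RE = re.compile(rf"^({DATE})(?: \. ({DATE}))?\s+(\d+|-+)\s+(?P<attrs>[-a-z]{{8}})\s+(?P<path>\S.*?)\s*$")
# Sigcheck record: "[mark] <date> . <MD5> . <size> . . [<version>] . . <path>"
SIG_RE = re.compile(r"^\[[^\]]*\] \d{4}-\d{2}-\d{2} \. (?P<md5>[0-9A-Fa-f]{32}) \. \d+ \. \. "
                    r"\[(?P<ver>[^\]]+)\] \. \. (?P<path>\S.*?)\s*$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.+)$')


def parse_log(text):
    """Return (file records, sigcheck records, active Run entries, UAC policy values)."""
    files, sigs, runs, policy = [], [], [], {}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name, rest = m.group(1), m.group(2)
            if key.endswith("\\policies\\system"):
                num = re.match(r"\d+", rest)
                if num:
                    policy[name] = int(num.group())
            elif key.endswith("\\run"):  # "run-" holds disabled entries and is deliberately skipped
                target = re.match(r'"([^"]+)"', rest)
                if target:
                    runs.append((key, name, target.group(1)))
            continue
        m = SIG_RE.match(line)
        if m:
            sigs.append(m.groupdict())
            continue
        m = FILE_RE.match(line)
        if m:
            files.append(m.groupdict())
    return files, sigs, runs, policy


def triage(text):
    """Return (tag, detail) findings for the indicators a reviewer pulls out of such a log."""
    files, sigs, runs, policy = parse_log(text)
    findings = []
    # 1. Non-directory entries carrying both the hidden and the system attribute.
    hidden = set()
    for f in files:
        if "d" not in f["attrs"] and "h" in f["attrs"] and "s" in f["attrs"]:
            hidden.add(f["path"].lower())
            findings.append(("hidden_system_file", f["path"]))
    # 2. Active Run entries whose target is such a file, or lives in a user-writable path (weak hint).
    for _key, name, target in runs:
        t = target.lower()
        reasons = []
        if t in hidden:
            reasons.append("target is a hidden+system file")
        if "\\appdata\\" in t or "\\temp\\" in t:
            reasons.append("target in user-writable path")
        if reasons:
            findings.append(("suspicious_run_entry", f"{name} -> {target}: " + "; ".join(reasons)))
    # 3. Sigcheck: the live file's MD5 differs from a WinSxS copy that reports the same version.
    by_name = defaultdict(list)
    for s in sigs:
        by_name[s["path"].rsplit("\\", 1)[-1].lower()].append(s)
    for entries in by_name.values():
        refs = [e for e in entries if "\\winsxs\\" in e["path"].lower()]
        for e in entries:
            if e in refs:
                continue
            for r in refs:
                if r["ver"] == e["ver"] and r["md5"].upper() != e["md5"].upper():
                    findings.append(("sigcheck_mismatch",
                                     f"{e['path']} md5 {e['md5']} != WinSxS copy {r['md5']} (version {e['ver']})"))
    # 4. UAC policy values that switch elevation prompts off.
    if policy.get("EnableLUA") == 0:
        findings.append(("uac_disabled", "EnableLUA=0"))
    if policy.get("Consent PromptBehaviorAdmin".replace(" ", "")) == 0:
        findings.append(("uac_silent_elevation", "ConsentPromptBehaviorAdmin=0"))
    return findings


if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_LOG):
        print(f"{tag:22} {detail}")
```

Run it as a script to print the findings, or import `triage()` and feed it a real `C:\ComboFix.txt`. The same-version hash comparison is what makes the patched `user32.dll` stand out despite the log's own note that unsigned files are not necessarily malware, and it is consistent with ComboFix having had to restore `winlogon.exe` and `slui.exe` from WinSxS copies earlier in the same log.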
03.01.2013, 19:32 | #11 |
/// Malware-holic | Find.exe cmd.exe hale.exe and PC slow - Please open Computer, C:, Qoobox, right-click Quarantine, pack it with WinRAR or another archiver and upload it in the upload channel: Trojaner-Board Upload Channel. Let me know when it's done, thanks.
|
03.01.2013, 21:03 | #12 |
| Find.exe cmd.exe hale.exe and PC slow - Uploaded it |
03.01.2013, 21:10 | #13 |
/// Malware-holic | Find.exe cmd.exe hale.exe and PC slow - Thanks, any improvement noticeable?
|
03.01.2013, 21:13 | #14 |
| Find.exe cmd.exe hale.exe and PC slow - The processes mentioned above are still there; I always close them after startup, so I can't say anything about it yet. And I thought we weren't done yet. |
03.01.2013, 21:16 | #15 |
/// Malware-holic | Find.exe cmd.exe hale.exe and PC slow - Nobody is saying we're done. Download HitmanPro: HitmanPro - Download - Filepony License: activate the trial license. Then scan, delete nothing at the end, export the log as XML and attach it
|